Pennsylvania prepared for a future “Black Sky” crisis in which a cyberattack, severe weather or nuclear explosion could knock out power across a large region, disabling utilities including telecom. Gov. Tom Wolf (D) hosted an exercise at the Public Utility Commission Friday, the PUC said in a news release. It was attended by 130 participants from state and federal government agencies, neighboring state utility commissions, military and law enforcement agencies, utility companies, first responders and nonprofit organizations. The full-day training was closed to the public and media. “Many organizations test emergency plans, but rarely do they prepare for a multi-faceted incident quite like a Black Sky event,” Wolf said at the exercise. “Such an event would have an extraordinary impact on our society, causing power and service outages that could last days, weeks, even months.”
The Trustworthy Accountability Group said it plans to provide best practices and an information-sharing infrastructure to help the advertising industry better fight malware. "Later this year, TAG plans to unveil the results of that work and begin to offer companies a TAG anti-malware seal if they comply with those standards," the group said in a Wednesday blog post, after a malware summit in New York City. The group, formed two years ago by the American Association of Advertising Agencies, Association of National Advertisers and Interactive Advertising Bureau to tackle malicious software, among other problems, said the summit's discussions were confidential but featured several industry leaders, including AppNexus co-founder Brian O'Kelley and The Media Trust CEO Chris Olson. Industry leaders also met with representatives from the departments of Homeland Security and Justice and the FBI.
Synaptics is using this week’s Computex Taipei show in Taiwan to demonstrate a new USB dongle that enables secure fingerprint authentication on any notebook PC, the company said in a Wednesday announcement. The dongle is a ready-to-use fingerprint module that’s “small enough to remain unobtrusively installed in any notebook USB port,” Synaptics said. “The rapid growth of online payments combined with the critical need for protecting access to PC data for businesses and consumers alike is driving the need for high performance biometric authentication,” the company said. “All things equal, fingerprint authentication is significantly more secure than typing passwords, and when combined with the convenience of not remembering and changing multiple passwords, it should end the debate.” Synaptics plans to sample the dongle in Q3 with mass production expected in Q4, he said.
Login user data stolen from social networking site Myspace was made available in an online hacker forum, parent company Time said in a news release Tuesday. The company said the social networking site's technical security team found out about the breach "shortly before the Memorial Day weekend," but it didn't indicate how many users were affected. The breach was attributed to Russian cyberhacker "Peace," who has links to attacks on LinkedIn and Tumblr, a Myspace blog post said. Time said the stolen data "is limited to a portion of Myspace usernames, passwords and email addresses, from the old Myspace platform" before June 11, 2013, when it was relaunched with stronger account security measures. But Time said none of its other subscriber information or media assets were compromised. It said Myspace is now notifying all affected users, has invalidated their passwords, is monitoring for suspicious activity and is working with law enforcement officials on the investigation.
About 51 percent of surveyed security professionals believe their companies have altered their security approaches because of changes in IT operations, CompTIA said Tuesday in a report. CompTIA surveyed 500 security professionals. “Far more than half of all companies have adopted cloud computing and mobile devices,” said Seth Robinson, CompTIA senior director-technology analysis, in a news release. “This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities.” Ninety percent of IT professionals said their companies take security more seriously than two years ago, but many companies still need to improve their actual practices, CompTIA said. “Simply placing a higher priority on security may not lead to improved measures,” Robinson said. “Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken.”
The FCC would be ill-advised to impose any rules to shore up 5G security as it opens high-frequency bands for commercial use as part of its spectrum frontiers rulemaking, CTIA said in a filing Monday. The FCC has long supported industry leadership and working groups like the Communications Security, Reliability and Interoperability Council to address technical issues “affecting the entire global ecosystem,” the wireless association said. “CTIA urges the Commission to maintain an ongoing dialogue with the wireless industry on important and complex 5G security issues and encourage actions that can be taken in standards groups and by CSRIC,” CTIA said in the filing submitted to dockets including 14-177. Carriers are committed to ensuring that 5G is secure, the group said. Nokia is doing research on security for 5G networks and Ericsson has been working on 5G issues, CTIA said. Any move by the FCC while 5G is still nascent “would depart from that history and undermine ongoing global collaboration,” CTIA said. “Given the complex technical issues involved, FCC regulation also would be nearly impossible to execute and could have serious unintended consequences. The Commission should instead continue to rely on industry actions that can be taken in standards groups and by CSRIC to bring together the wireless ecosystem to continue work on emerging 5G architecture.”
The Communications Security, Reliability and Interoperability Council meets June 22, the FCC said in Friday's Federal Register. CSRIC approved five working groups' recommendations at the council's last meeting in March, including a set of best practices on 911 call rerouting between public safety answering points and several reports on the security of other communications systems (see 1603160061). The June meeting is set to begin 1 p.m. in the Commission Meeting Room, a notice said.
The Senate Judiciary Subcommittee on Crime and Terrorism plans a May 18 hearing on the threat of ransomware and possible solutions. The 3 p.m. hearing will be in 226 Dirksen. No witnesses were listed. Ransomware is malware that prevents people from using their computers or data on the computers unless they pay money to free up the device or data. Sen. Barbara Mikulski, D-Md., recently said at a Senate Appropriations subcommittee hearing that ransomware is becoming a major threat and cited a March attack that crippled the systems of 10 Maryland hospitals in the MedStar Health network (see 1604190032).
Seventy-three percent of surveyed organizations have had at least one data breach or other cyberincident in the past year, CompTIA said Wednesday in a report. About 60 percent of such breaches were categorized as serious, the group said. CompTIA surveyed more than 1,500 business and tech executives from the U.S., Canada and 10 other countries. Ninety-four percent of surveyed organizations from India said they had experienced a breach, while only 39 percent of organizations from Japan self-reported cyberincidents, CompTIA said. Seventy-six percent of all surveyed organizations reported at least one mobile-related security incident, including lost devices and mobile malware. Although 96 percent of organizations indicated testing after cybersecurity training is important, only 23 percent rated their cybersecurity education and training practices as extremely effective, CompTIA said.
Five states will participate in a policy academy on cybersecurity, the National Governors Association said in a news release Thursday. Connecticut, Illinois, Louisiana, Nevada and Oregon will participate in the academy, which will cover developing and implementing comprehensive cybersecurity strategies, NGA said. Virginia Gov. Terry McAuliffe (D) and Michigan Gov. Rick Snyder (R), co-chairs of NGA’s Resource Center for State Cybersecurity, will serve as faculty for the policy academy. “Threats to our cybersecurity remain one of the most significant homeland security challenges facing the nation,” McAuliffe said. “This opportunity will allow states to learn effective cybersecurity practices to better safeguard citizens.” Snyder said, “Cyber threats affect everyone from law enforcement, public works and energy agencies, to financial and communications sectors and ultimately, citizens of every state. This policy academy will help states develop strategic plans to enhance their cybersecurity capabilities and improve incident response planning.” Earlier this month, NGA announced a separate policy academy on emergency communications interoperability (see 1604070058).