Commissioner Terrell McSweeny will deliver opening remarks at the FTC Start with Security conference in Austin Nov. 5, an agency news release said Wednesday. Speakers will include those who “helped build and run security programs at large-scale enterprises and rapid-growth startups in Austin, like Dell, RetailMeNot, Honest Dollar, and National Instruments, along with top security experts,” it said. Panelists will address how startups can “build a culture of security, including how they can effectively model threats, train their developers, and ensure secure coding practices; scale security testing when they are growing rapidly and continuously iterating their products; work with third-party code and bug reports, and effectively address vulnerabilities; and move past bug hunting to embrace key security features,” it said. A full list of speakers is available on the event website. The conference begins at 9:30 a.m. and will end at 4 p.m. at the University of Texas-Austin’s AT&T Conference Center, it said.
The FBI issued an alert Thursday warning consumers and merchants that the new microchip-enabled credit cards are still susceptible to fraud. Instead of relying on a magnetic strip to store data, the new EMV (EuroPay, MasterCard, Visa) chip cards “verify the card’s authenticity by the cardholder’s personal identification number (PIN)” and “transmit transaction data between the merchant and the issuing bank with a special code that is unique to each individual transaction,” the alert said. EMV cards provide more security than traditional magnetic strip cards, but are still vulnerable to fraud, the alert said. “EMV cards can be counterfeited using stolen card data obtained from the black market,” it said. The data on the magnetic strip of an EMV card can be stolen if the point-of-service terminal is infected with data-capturing malware, and the chip won’t stop stolen or counterfeit credit cards from being used for online or telephone purchases, it said.
The California Department of Motor Vehicles will now post all autonomous-vehicle accident reports on its website, a Consumer Watchdog news release said Friday. CW suggested the DMV make the reports available online so the public has information readily available when something goes wrong on U.S. highways, which the group says are being used as “corporate laboratories for robot car makers.” CW Privacy Project Director John Simpson welcomed the DMV’s decision to make the reports available, but said further steps are necessary. CW has petitioned the DMV (see 1508200028) and asked for a rulemaking process that would require police to investigate crashes and require copies of any video or technical data gathered by the robot vehicle related to the crash be provided to the department, the release said. “Under the current regulations, the Department relies completely on the testing company’s account of what happened,” Simpson said. “With the public’s safety at stake, it’s imperative that a neutral third party investigates any accident involving a robot car,” he said.
NCTA defended the controversial Cybersecurity Information Sharing Act (S-754) Wednesday, saying concerns about how the bill would affect privacy and civil liberties protections “have been heard and important changes have been made to the bill to ensure it can in no way be misused as a 'surveillance' bill.” S-754 is likely to return to the Senate floor after Congress' upcoming one-week recess, following months of negotiations to assuage critics' concerns about the bill, though privacy advocates are continuing to oppose it (see 1510060046). S-754's “scope is extremely narrow, and specifically aimed at protecting business, individuals, and critical Internet infrastructure from malicious cyber attacks,” NCTA said. “It does this by allowing companies to share cyber threat indicators, or CTIs, with other companies and the DHS portal in real time through a mandated automated process.”
“For America’s drone technology to actually take flight, we need a regulatory framework that embodies a risk-based approach to integrating unmanned aircraft systems [into the national airspace] to maximize safety, utility and economic benefit,” said CEA CEO Gary Shapiro in a news release Wednesday. Shapiro’s comments came as the House Aviation Subcommittee held a hearing on ensuring aviation safety in the era of unmanned aircraft systems. “The drone industry is set to take off one-million flights per day within the next 20 years given the right regulatory environment,” for uses ranging from search and rescue to package delivery to filming movies to precision agriculture, Shapiro said. “Until the Federal Aviation Administration releases clear rules authorizing drones in the national airspace, the industry and CEA will continue to educate drone enthusiasts about the safe and responsible operation of drones through the Know Before You Fly campaign.”
The Federal Aviation Administration wants to levy the “largest civil penalty” it has proposed against an unmanned aircraft system operator “for endangering the safety of our airspace” by operating drones in a “careless or reckless manner,” the agency said in a Tuesday announcement. The proposed $1.9 million civil penalty against SkyPan International of Chicago alleges that between March 21, 2012, and Dec. 15, 2014, SkyPan conducted 65 unauthorized operations “in some of our most congested airspace and heavily populated cities [including New York City and Chicago], violating airspace regulations and various operating rules,” the FAA said. The flights involved aerial photography, and the aircraft were “not equipped with a two-way radio, transponder, and altitude-reporting equipment,” the FAA said. SkyPan also failed to obtain a certificate of waiver or authorization for the operations, the release said. SkyPan has 30 days to respond to the FAA’s enforcement letter, it said. SkyPan didn’t have an immediate comment.
FirstNet released what it said is the last in a “long line of ongoing consultation efforts” toward the release of requests for proposals (RFPs) on a national broadband network for first responders, this time seeking comments on cybersecurity. Cybersecurity “is prominent among the high-level objectives” for the network, FirstNet said. The authority said it already has gathered “an extensive amount of information.” Comments are due 1 p.m. EDT Oct. 16. FirstNet said it wants “feedback from stakeholders, including states, tribes, territories, public safety stakeholders, and market participants” on protecting the network against attack. “A paradigm shift in how cyber security is defined and delivered is required, and FirstNet seeks input to effect this paradigm shift so that the [network] can be appropriately defended,” it said. FirstNet President TJ Kennedy said in a Tuesday blog post that the authority wants to be leading edge. “We have an opportunity to innovate and be creative in addressing cyber security from the ground up for one of the most diverse, complex, and unique broadband networks in the country,” he wrote. “After all, this will be the only nationwide network that is dedicated to public safety and can provide first responders with true priority and rural coverage.”
U.S. reliance on an “all-tools” cybersecurity strategy that emphasizes public-private cooperation has “raised the cost of cyber attacks and economic espionage, and made it clear that we will not tolerate the status quo,” said Assistant Attorney General-National Security Division John Carlin in remarks prepared for the American Gaming Association posted Wednesday. That strategy “altered the dialogue,” as evidenced by last week's U.S.-China agreement not to engage in cybertheft of each other's IP assets, Carlin said. “Only time will tell” whether that agreement will result in concrete actions, but “our commitment to deterrence has made a difference,” he said. That commitment will continue, so “whether you are the Syrian Electronic Army, North Korea, ISIL or a state-sponsored hacker, we can and will find you. And when we do, there will be consequences.” The U.S.'s cybersecurity commitments will also continue to require private sector involvement and the Department of Justice will continue to help private sector participants “manage your risk” via information sharing and threat response assistance, Carlin said.
In recognition of National Cyber Security Awareness Month in October, FTC Consumer Education Specialist Aditi Jhaveri, in a blog post Thursday, encouraged individuals to share #CyberAware videos, review the FTC’s resources and tips on how to talk to children about online safety, review resources on how a company can protect personal information it collects and order free materials.
Stations that make their public inspection files available online shouldn't be required to make their facilities open to the public, said Commissioner Mike O'Rielly in a blog post. The commission should clarify its current and future online public file rules to make this clear, O'Rielly said Tuesday. “This positive step will improve the safety of broadcast stations while enhancing public access to key records.” Public file inspection requirements create “a potential weakness” in broadcaster security, O'Rielly said. “When unknown individuals are allowed into a broadcast facility for any purpose, but in particular, to review the public inspection file, the list of potential risks can be quite long, including violence.” The FCC included -- at O'Rielly's urging -- a request for comment on the security ramifications of online public files in its most recent online political file NPRM, but received little response, O'Rielly said. “It would be helpful to have a more fulsome record” on the threats and harms facing broadcast station workers and whether online public file could address them, he said. “I call on my fellow Commissioners to help to improve the safety and security of America’s broadcasters and their employees by reducing unnecessary access if or when any efforts to expand the online public file go live.”