Facebook will hire 3,000 people over the next year to review millions of weekly reports it gets about live videos or ones posted later that show crimes, including murders, and suicides, said CEO Mark Zuckerberg in a post Wednesday. The hires to the company's global community operations team will be on top of the current 4,500 employees, he said. "These reviewers will also help us get better at removing things we don't allow on Facebook like hate speech and child exploitation," said Zuckerberg. "We'll keep working with local community groups and law enforcement who are in the best position to help someone if they need it -- either because they're about to harm themselves, or because they're in danger from someone else." The company is building better tools that make it easier for users to report problems and enable reviewers to determine violations more quickly and to report them more easily to law enforcement, he added. "Just last week, we got a report that someone on Live was considering suicide. We immediately reached out to law enforcement, and they were able to prevent him from hurting himself," he said. "In other cases, we weren't so fortunate."
The House Science Committee advanced the National Institute of Standards and Technology Small Business Cybersecurity Act (HR-2105) Tuesday on a voice vote. The bill, a House companion to the Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act (S-770), would direct NIST to facilitate a voluntary public-private partnership to develop best practices for reducing critical infrastructure small- and medium-sized businesses' cybersecurity risks (see 1704210038). The committee cleared an amendment from Rep. Jerry McNerney, D-Calif., that would require NIST's small business guidance to include cybersecurity case studies. House Science ranking member Eddie Bernice Johnson, D-Texas, said she supports HR-2105 because it “addresses a significant need” to aid small businesses in addressing cybersecurity issues, but noted she's also concerned the bill doesn't allocate additional funds to NIST to address those issues.
IEEE launched an initiative to develop consensus standards and a framework for better securing a person's digital identity and improving online trust, said the standards organization in a Thursday news release. The program is seeking academic researchers, policy and legal experts, tech innovators and others to create standards for consumer and patient data. “Identity is a consideration in every business and social transaction,” said program co-chair Greg Adamson, president of the IEEE Society on Social Implications of Technology. “Blockchain technology could be the catalyst to making universal and dignity respecting digital identification systems a reality with its unique ability to retain identities in a secure and immutable manner.”
Public-private partnerships are critical in countering cyberthreats, said CenturyLink CEO Glen Post, speaking to military and industry leaders. "In this rapidly evolving environment, how and with whom our nations partner will have profound effects on the security and prosperity of our global economy," Post said at the NATO Communications and Information Agency's Annual Industry Conference and AFCEA TechNet International event in Ottawa, said a company release Monday. "Given the extraordinary speed of innovation and technology adoption, CenturyLink is leveraging its relationships with our customers, vendors and peers to anticipate and address these challenges and assure the resiliency of our cyber ecosystem." He said industry and government parties must pursue partnerships with trusted peers. "Securing our collective networks against evolving cyberthreats begins when organizations acknowledge we are all interdependent and that we face common threats and vulnerabilities," he said. "It is only by working together that we can create the best technologies, processes and world-leading solutions."
The Department of Homeland Security should partner more with "commercial concerns" like Microsoft to help the department fulfill its mission, said Homeland Security Secretary John Kelly, speaking Tuesday at a George Washington University streamed event. Responding to a question about cyber from Frank Cilluffo, who directs the university's Center for Cyber and Homeland Security, Kelly said the department's job is protecting dot-gov websites, but it wants to partner "to the greatest degree possible" with business. Kelly said he recently met with Microsoft leadership in Seattle and said executives there are "very, very interested in partnering as we are." Kelly didn't provide further detail but said President Donald Trump is involved in outreach efforts and is organizing an "internal commission" to look at the issue. Microsoft didn't comment but a DHS spokesman emailed that the secretary's comments about Trump's commission were in reference to the White House Office of Innovation led by the president's son-in-law and senior adviser, Jared Kushner (see 1703270043). Kelly's speech and discussion with Cilluffo focused on the secretary's wide-ranging mission, including cyber-related issues. Kelly said the internet is helping terrorists spread "hateful" propaganda, recruit soldiers and plan attacks. "And thanks to new and ever improving and proliferating encryption devices and secure communication techniques these individuals are becoming harder and harder and I predict eventually impossible to detect," he said. A recent Tech:NYC policy paper said the Trump administration strongly supports access to device encryption, which the tech industry and privacy advocates oppose (see 1704140034).
Delaware, Oregon and Florida ranked highest in billing and shipping e-commerce fraud last year, said a Friday Experian report. Such attacks jumped more than 200 percent there, and California and New York had more than 70 percent of total e-commerce billing fraud attacks, said the information services company. South El Monte, California, led the list of U.S. cities in shipping and billing fraud in 2016, it said. Experian attributed the rise in e-commerce fraud attacks to continued adoption of EMV (Europay, MasterCard and Visa) terminals for chip-and-PIN credit cards, which has reduced credit card fraud at point-of-sale but driven scammers online.
The American Cable Association urged the National Institute of Standards and Technology to clarify its approach to developing metrics as part of the agency’s work to update the 2014 Cybersecurity Framework, in comments released Tuesday. NIST collected feedback through Monday on its draft v1.1 framework update, which included metrics language aimed at starting a conversation on how to effectively measure use of the framework (see 1701100084). Other commenters urged NIST to be cautious about metrics development and urged inclusion of language in the framework on vulnerability disclosure guidelines and cybersecurity insurance (see 1704110045). The metrics language in NIST’s draft v1.1 “is confusing, and in some respects contradictory,” ACA said. “It is not nearly ready for adoption,” in part because ACA said it “fails to convey clear, definitional guidance, and this lack of clarity is likely to frustrate small operators and may lead some to give up on the Framework altogether. Moreover, based on the proposed changes, those that do attempt to implement the entire Framework, including its recommendations on measurement, may end up relying overmuch on a one-size-fits all checklist assessment created by third party consultants or auditors, rather than making the type of inward-looking, individualized approach to cybersecurity risk management that the Framework otherwise encourages.” NIST should instead “continue to work with the private sector to develop a clearer and more useful approach,” ACA said.
Websites that offer free content like movies, TV shows and sports are likely hiding malware that can hijack individuals' computers, steal personal data and hit them with a barrage of advertising, wrote Will Maxson, FTC assistant director-Marketing Practices Division, in a Wednesday blog post. "We recently downloaded movies from five sites that offered them for free. In all five cases, we ended up with malware on our computer. Generally, it served up a slew of unwanted ads." He said downloading pirated content is illegal. Maxson said it's also not a good idea to provide credit card information if some sites ask for it since they may not be legitimate businesses.
NTIA will hold the next meeting of its multistakeholder process on IoT security upgradeability April 26. The process, which convened in October (see 1610190051), is now divided into working groups focused on existing standards and tools, technical capabilities, communicating security upgradeability and adoption incentives and barriers. Participants aim to use the meeting to “share progress from the working groups and hear feedback from the broader stakeholder community,” NTIA said in a notice to run in an upcoming Federal Register. “Stakeholders will also discuss their vision of the timing and outputs of this initiative, and how the different work streams can complement each other.” The meeting is to run 10 a.m.-4 p.m. at the American Institute of Architects’ offices in Washington.
The FCC is rechartering its Communications Security, Reliability and Interoperability Council for a new two-year term, though with apparently less focus on cybersecurity than the CSRIC under former Chairman Tom Wheeler. The last CSRIC met for the final time in March (see 1703150058) and no top FCC official spoke. Early in his chairmanship, Ajit Pai rescinded two cybersecurity items issued under Wheeler -- a white paper on communications sector cybersecurity regulation and a notice of inquiry on cybersecurity for 5G devices (see 1702060059). Wheeler appointed David Simpson chief of the Public Safety Bureau in 2013 because of his cybersecurity expertise (see 1402190030), and Simpson spoke frequently at CSRIC meetings while he was at the FCC. “The issues to be considered may include, but are not limited to: (1) the reliability of communications systems and infrastructure; (2) 911, Enhanced 911 (E911), and Next Generation 911 (NG911); (3) emergency alerting; and (4) national security/emergency preparedness (NS/EP) communications,” the FCC said in a public notice. Nominations for membership are due at the FCC no later than April 24, the PN said. The new CSRIC will start work early in the summer, the FCC said.