Sens. Steve Daines, R-Mont., and Tammy Duckworth, D-Ill., raised concerns Friday with the General Services Administration’s practice of leasing “high-security” government space from foreign owners, saying the practice poses a cyber risk for the federal government. A recent GAO report found that GSA leased high-security space in foreign-owned buildings for at least two agencies, including the FBI. “Federal agencies are among the top targets for cyber criminals, with many agencies experiencing thousands of attempted attacks daily,” Daines and Duckworth said in a letter to acting GSA Administrator Timothy Horne. “Agencies must have the information necessary to assess and address the risks to their high-security facilities, including cybersecurity vulnerabilities that exist in foreign-owned buildings.” The senators sought a response by March 31 on how GSA will address their concerns. GSA didn't immediately comment.
The FCC Consumer and Governmental Affairs Bureau gave Jewish community centers an emergency waiver Friday so they can trace bomb threats. The JCCs sought a waiver of Section 64.1601(b) of the rules, “which prohibits terminating carriers from passing the calling party number (CPN) to a called party where a privacy indicator has been triggered by the caller,” a public notice said. “Access to the CPN could assist in identifying individuals placing threatening calls to those facilities.” Senate Minority Leader Charles Schumer, D-N.Y., sought action in a waiver request and an FCC spokesman had said Chairman Ajit Pai was "very concerned" about the threats (see 1703010065). Schumer indicated 69 threats have been made to 54 JCCs in 27 states since the beginning of 2017, the bureau said. “Given the exigent circumstances and number of recent threats cited, we separately grant, on an emergency and temporary basis, a waiver of section 64.1601(b) as applied to threatening calls made to JCC facilities,” the bureau said. “We seek comment herein on whether to extend that waiver on a permanent basis, including ways to best facilitate the ability of law enforcement to identify individuals making such threatening calls while maintaining the privacy of callers who utilize CPN blocking for lawful purposes.” Comments are due in docket 91-281 March 17, replies March 24. "I am pleased that we are taking quick action to address this issue and hope that this waiver will help Jewish Community Centers, telecommunications carriers, and law enforcement agencies track down the perpetrators of these crimes," Pai said in a statement. Schumer applauds "the FCC’s decision to grant a special waiver to targeted JCCs, which will help us track down and identify perpetrators making threatening calls that frighten communities and waste the precious resources of local law enforcement,” he responded. "Already, one suspect has been taken into custody and I am hopeful today’s decision will help catch and deter any future copycats. All communities and entities targeted by intimidation and fear deserve access to all of the tools needed to ensure these criminals are brought to justice."
Seventy percent of corporate executives said their leaders and boards are "concerned" or "very concerned" about threats from leaks or fake news, said a Korn Ferry news release on a survey of 781 respondents in February. “The threat of reputational damage due to leaks or fake news is on the rise," said Richard Marshall, global managing director-corporate affairs. About half the respondents said the threat of leaks or fake news has increased in recent years, and 19 percent said their companies have been affected by fake news over the past year. False information about their company is the "biggest threat," followed by product misinformation and false information about their leaders, said the executive search and organizational advisory firm. Thirty-eight percent said their companies have changed or are changing their email policies, and 51 percent said they're being careful about content in their emails.
CTA President Gary Shapiro and FCC Chairman Ajit Pai were among those reacting this weekend on Twitter to the shooting last week of two Garmin engineers, both 32 and originally from India, and a bystander in a bar near Garmin’s U.S. headquarters in Olathe, Kansas, in what authorities are calling a possible hate crime (see 1702240066). Srinivas Kuchibhotla died in the shooting and his Garmin colleague, Alok Madasani, was wounded, as was Ian Grillot, 24, the bystander who tried to intervene. “Our hearts go out to family and friends of Srinivas Kuchibhotla, the other victims and the entire @Garmin family,” Shapiro tweeted Saturday. "RIP, Srinivas Kuchibotla [sic]," Pai tweeted late Friday. "@Garmin engineer murdered in cold blood in KC was 'simply an outstanding human being.'" The son of immigrants from India, Pai grew up in Parsons, Kansas, about 125 miles southwest of Olathe, his FCC bio page says. Alleged gunman Adam Purinton, 51, faces one count of premeditated first-degree murder and two counts of premeditated attempted first-degree murder in Johnson County District Court in Olathe. Purinton made his first court appearance Monday before Judge Charles Droege, who scheduled Purinton for a March 9 "no go" preliminary hearing, where he'll hear his first evidence in the case, court records show.
Yahoo is enhancing its information security program, reducing exposure of sensitive data and taking other "extensive" technical and organizational steps to protect its systems, said April Boyd, head of global public policy, in an eight-page letter released Friday to a Senate Commerce Committee inquiry. Senate Commerce Chairman John Thune, R-S.D., and Consumer Protection Subcommittee Chairman Jerry Moran, R-Kan., sent a letter to CEO Marissa Mayer (see 1702100059), seeking more information about the 2013 and 2014 breaches that compromised a combined 1.5 billion user accounts. The company disclosed the incidents last year and has been dealing with fallout, including congressional inquiries, lawsuits and uncertainty over a Verizon deal to acquire it (see 1612150010 and 1612230029). The companies said last week they agreed to a price that's $350 million less (see 1702210024). Boyd provided details about how Yahoo notified affected users, types of data compromised, efforts to mitigate harms and its ongoing focus on security. She wrote that even before the incidents were disclosed, the company worked to enhance security. "These matters have received and continue to receive significant attention from executives in the company, including near-daily working sessions with the CEO, a security-focused presentation by Yahoo's Chief Information Security Officer at the company's all-hands meeting each week" and engineering security improvements of products and systems, she wrote. Boyd indicated in the letter that the Yahoo board's independent committee will provide a briefing to members and staff, emailed a Senate Commerce spokesman.
In a Facebook post Friday, Garmin said it's “devastated by ‘the senseless tragedy that took the life of one of our associates and friends, Srinivas Kuchibhotla, and injured another, Alok Madasani.’” The two Garmin engineers, both 32 and originally from India, were shot Wednesday in a bar near Garmin’s U.S. headquarters in Olathe, Kansas, in what authorities are calling a possible hate crime. Alleged gunman Adam Purinton reportedly told the Garmin engineers to “get out of my country” before shooting the men, along with Ian Grillot, who was injured when he intervened, reported The Kansas City Star. It said Purinton was charged with first-degree murder in the death of Kuchibhotla and with two counts of attempted first-degree murder in the shootings of Madasani and Grillot. Madasani was released from the hospital Thursday.
NTIA extended the time to comment on an IoT green paper to March 13, the agency said in a Wednesday notice and tweet. The Department of Commerce agency didn't give a particular reason for extending the Monday deadline by another two weeks, saying it's seeking broad input. The paper, which was released more than a month ago, "lays out an approach and areas of engagement" for Commerce's potential work on IoT, including how it can tackle related policy challenges (see 1701120050).
The FCC Communications Security, Reliability, and Interoperability Council will meet 1-5 p.m., March 15, in the Commission Meeting Room, for the last time under the charter for its fifth iteration, the agency said in a notice set to appear in Thursday's Federal Register. The meeting will be the first since the start of FCC Chairman Ajit Pai’s administration, which has raised questions about CSRIC’s future role in cybersecurity policy (see 1701250077 and 1702060059).
Verizon will buy Yahoo's operating business for $350 million less than Verizon's initial $4.83 billion offer and the companies "will share certain legal and regulatory liabilities arising" from the 2013 and 2014 data breaches that compromised a combined 1.5 billion Yahoo user accounts (see 1612150010), they said in a Tuesday statement. Under the amended deal, which is expected to close Q2, Yahoo will be responsible for 50 percent of cash liabilities incurred after non-SEC government investigations and third-party lawsuits related to the breaches are closed, the companies said. At least two dozen lawsuits have been filed against Yahoo after the company announced the breaches last year (see 1612230029) and lawmakers also are seeking answers (see 1702150070 and 1702100059). Yahoo would continue to be responsible for liabilities from shareholder suits and SEC probes, the news release said. The companies also agreed that the data breaches or any losses from them "will not be taken into account in determining whether a 'Business Material Adverse Effect' has occurred or whether certain closing conditions have been satisfied." Verizon Executive Vice President Marni Walden said the amended terms are "fair and favorable" for shareholders and the deal still makes "strategic sense." The company is seeking to increase its advertising business (see 1607250016). Yahoo CEO Marissa Mayer said the deal will "accelerate" the company's mobile operating business and separate its "Asian asset equity stakes."
LG's webOS 3.5 Security Manager is the first smart TV platform to land UL certification “for its effective cybersecurity capabilities,” LG said in a Tuesday announcement. UL tested the webOS 3.5 Security Manager for malware susceptibility and vulnerabilities, software weaknesses and security controls under its 2900-1 Cybersecurity Assurance Program, LG said. “UL assessed the effectiveness of each webOS 3.5 security layer by subjecting the software to a variety of virtual network penetrations and vulnerability attacks.”