Incoming White House aides of President-elect Donald Trump’s pending administration attempted Sunday and Monday to redirect the focus on U.S. intelligence agencies’ report on Russia’s hacking of IT systems associated with the Democratic National Committee and the campaign of former Democratic presidential nominee Hillary Clinton. The office of the Director of National Intelligence Friday released an unclassified version of the agencies' report, which said Russian President Vladimir Putin ordered the hacks as part of “an influence campaign in 2016 aimed at” the U.S. presidential election that “aspired to help” Trump’s electoral chances (see 1701060060). Trump “is not denying that entities in Russia were behind this particular hacking campaign,” but similar incidents happen “every election period,” said incoming White House Chief of Staff Reince Priebus on Fox News Sunday. “We also have a problem when [the DNC] allows foreign governments into their system with hardly any defenses or training. That's a huge story, and that's what people aren’t talking about as well.” Incoming Trump counselor Kellyanne Conway told USA Today Monday it’s “curious and a bit humorous” that congressional Democrats are pushing for an independent bipartisan joint House-Senate commission to do an 18-month investigation into Russia’s election-related hacks. There’s already a “great deal of information out there” on the hacks and it’s “very ironic that the uptick in and the hue-and-cry of 'investigation' and 'information' has occurred after the election results are in,” Conway said. Trump will attempt to “make sure that our actions are proportionate to what occurred, based on what we know” about the hacks, Conway said. President Barack Obama’s announced retaliatory actions against Russia (see 1612290040) were a “disproportionate response,” she said.
Sen. Mark Warner, D-Va., queried the Washington Metropolitan Area Transit Authority about the security of WMATA's online communication systems, after a November ransomware attack on the San Francisco Municipal Transportation Agency. “While early reports indicate that the attack on SFMTA may have been opportunistic rather than targeted, I am concerned that WMATA may represent a particularly enticing target for more advanced threats, given its importance to the region and the number of federal agencies that rely on the system to transport their workforces each day,” Warner wrote in a Monday letter to WMATA General Manager Paul Wiedefeld. Warner also asked WMATA to update him on efforts to deploy wireless communication systems including a public Wi-Fi network, and first-responder interoperability concerns raised by a fatal smoke incident near the L’Enfant Plaza rail station in January 2015. "We have received the senator's letter and will provide a timely response," a WMATA spokeswoman said.
FCC bureau chiefs endorsed a North American Portability Management (NAPM) draft nondisclosure agreement (NDA) for resolving a dispute with local number portability administrator Neustar over the treatment of confidential information in the LNPA transition to iconectiv (see 1611210039 and 1611300026). Wireline Bureau Chief Matt DelNero and Public Safety and Homeland Security Bureau Chief David Simpson said they carefully reviewed numerous NDAs proposed by the parties, along with related correspondence. "It is our opinion that the draft NDA submitted by the NAPM to Neustar on November 22, 2016, presents a workable solution that appropriately balances and protects the interests of all parties, and effectively holds confidential information that clearly is such, including information of a national security nature," their letter Friday said in docket 09-109. "We believe that the NAPM proposal sets forth a reasonable definition of confidential information and a reasonable agreement for protecting that information. Should the parties not agree by January 17, 2017, to utilize the last NDA offered by the NAPM, we strongly suggest that the parties execute an NDA that precisely mirrors the definitions of confidentiality in Article 15 of the Master Services Agreement (MSA) for the current LNPA contract. As Neustar has previously agreed to the confidentiality provisions in Article 15, we would logically question its refusal to be bound by those same provisions now."
Executive Vice President Marni Walden said Verizon hasn't decided if it will proceed with the $4.83 billion acquisition of Yahoo, which disclosed two breaches over the past three months that compromised a combined 1.5 billion user accounts in 2013 and 2014 (see 1609220046 and 1612150010). "Unfortunately, I can’t sit here today and say, you know, with confidence, one way or the other, because we still don’t know," she said during a Thursday webcast session of a Citigroup investor conference in Las Vegas, home to the ongoing CES. Investigations need to be completed, she said, and Verizon needs to ensure it's being responsible to shareholders and getting value out of Yahoo. In response to a question from an audience member about when Verizon will make a decision, Walden said she's "not going to put a time frame on it because I honestly don't have a time frame," but "it will take weeks at least. We'll take as long as we need but our goal is not to drag it out. But I have to have certain facts to be able to make a good decision." During a CNBC interview earlier in the day, Verizon's AOL CEO Tim Armstrong said he was hopeful the deal would close though he cautioned the investigation is ongoing. Asked if Verizon would ask for a discount on the deal, he declined to comment but said the focus is to ensure the culture and teams from both companies work well in terms of a potential integration. A Yahoo spokeswoman emailed, "We are confident in Yahoo’s value and we continue to work towards integration with Verizon."
Commerce Secretary Penny Pritzker's "exit memo" outlined accomplishments on cybersecurity, an open internet and trade during the Obama administration, but warned the government "is currently not properly organized to face the challenges posed by the 21st century digital economy." She said the government should focus on five issues: access, cybersecurity, free internet, emerging technologies and workforce issues. Policies and incentives are needed to encourage investment in broadband access. Pritzker said there's a "growing global cybersecurity crisis" at the hands of criminals and nation-states and the incoming administration should work to promote strong cybersecurity policies, baseline privacy rules and use of encryption as well as government access to data. The President's Commission on Enhancing National Cybersecurity (see 1612020050) recently delivered recommendations to improve cyber defenses and raise cyber awareness. Pritzker said trade agreements and other policies to "protect cross-border data flows, discourage digital protectionism, and ensure open digital markets" should be pursued. She underscored transfer of the Internet Assigned Numbers Authority functions to a multistakeholder, nongovernment group (see 1610030042), completion of the EU-U.S. Privacy Shield to ensure that the transfer of Europeans' personal data is protected (see 1602020040), and creation of the Digital Economy Board of Advisors (see 1612150069) and digital trade attaches program (see 1612120018). Artificial intelligence, autonomous vehicles and IoT are some emerging technologies that should be encouraged and the department should be an "evangelist" to break down barriers to innovation, she said.
Secretary of Homeland Security Jeh Johnson's “exit memo” to mark the impending close of President Barack Obama's administration noted “tangible improvements” to the DHS' record on cybersecurity during the Obama administration and said “more work remains.” DHS was one of several federal agencies that touted cybersecurity progress in their exit memos. The Department of Commerce noted the success of the National Institute of Standards and Technology-facilitated Cybersecurity Framework (see 1701050012). DHS' cyber progress includes the establishment and growth of the department's National Cybersecurity and Communications Integration Center, Johnson said in his memo. NCCIC's mission expanded last year after the 2015 Cybersecurity Act mandated that the center become the main civilian hub for cyber information sharing. Seventy-four entities, including 12 federal agencies, were connected to NCCIC's automated indicator sharing platform as of October, Johnson said. DHS established an “aggressive timetable” for improving federal agencies' cybersecurity under Obama's Cybersecurity National Action Plan, including work on agencies' adoption of the Einstein 3A cyber monitoring program, Johnson said. DHS also successfully established the Industrial Control Systems Cyber Emergency Response Team and is an active participant in international cybersecurity partnerships, Johnson said.
To help address security vulnerabilities from outdated software in consumer IoT devices, the FTC is offering a $25,000 cash prize for the best technical solution, said the agency in a Wednesday news release. Contestants can develop a physical device, which consumers can plug into their home networks to check for and install updates, or an app or cloud-based service, dashboard or other interface, the commission said. Contestants can also add features that "address hard-coded, factory default or easy-to-guess passwords," it added. “Consumers want these devices to be secure, so we’re asking for creativity from the public -- the tinkerers, thinkers and entrepreneurs -- to help them keep device software up-to-date,” said Consumer Protection Bureau Director Jessica Rich. Submissions are due May 22. Winners will be announced around July 27. An NTIA multistakeholder group is also addressing the issue of IoT security upgrades and patching (see 1610190051).
Symantec introduced a Wi-Fi router with built-in security, in what it calls an “elegant” and “atypical artisanal design.” Norton Core is available for preorder now ($199) with a suggested retail price of $279, said the company in an announcement. A one-year complimentary subscription to Norton Core Security Plus is included with the router, offering protection for up to 20 computers, smartphones and tablets, plus unlimited IoT devices, said the company. Norton Core was built to secure and protect connected homes and has a unique antenna array mounted inside a geodesic dome of “interlocking faces,” which the company said was inspired by defense and weather radar systems deployed in far reaches of the globe. The design is intended to encourage users to place the router out in the open, as part of their home decor, where it can provide a strong, unobstructed Wi-Fi signal. The routers come in gray and gold colors and are to ship in summer. Parental controls are included.
Accountants, attorneys, doctors and others who hold state licenses or certifications should be on the lookout for "official-looking" emails that warn professionals their licenses will be suspended unless they pay past due fees, but are designed to install malicious software, said the FTC in a Wednesday blog post. The commission has been warning consumers about government imposter scams for years, but FTC senior attorney Lesley Fair wrote that scammers now send emails that say a complaint has been filed against professionals, prompting them to click a link that installs the malware on the consumer's computer. "Of course, State Bars and Boards regularly communicate with members via email -- and yes, we all have to pay our annual dues," she wrote. "But if the circumstance is so serious that a person’s professional license is on the line, the first they’ll hear about it won’t be in email like that." Fair recommended professionals call their bar or board directly using the phone number on a membership card. If it's a scam, professionals should report it to the FTC and warn others, she said.
The National Institute of Standards and Technology released a guidebook Thursday aimed at helping organizations develop a game plan to quickly end and recover from a cyberattack. The NIST guide includes tactical and strategic guidance for developing, testing and improving a recovery plan. The document also includes information for planning for specific cyber incidents, including data breaches and ransomware. The book can be used in conjunction with NIST's Cybersecurity Framework, the agency said. NIST said it developed the handbook in response to the overall rise in cyber incidents and the Office of Management and Budget's 2015 Cybersecurity Strategy and Information Plan, which called on federal agencies to improve their cybersecurity response capabilities. “To be successful, each organization needs to develop its own plan and playbooks in advance,” said NIST computer scientist Murugiah Souppaya, one of the guide's authors, in a news release. “Then they should run the plays with tabletop exercises, work within their team to understand its level of preparation and repeat.”