In This Issue
- House: Cloud Privacy
- Email Privacy Closer
- Senate Should Join
- Report from the CEO
- Trump: Cybersecurity
- Experts Look for Clues
- GAO to NCCIC: Clarify
- Netanyahu’s Agenda
- Cybersecurity Jobs
- Senate Bill to Track
- AI Is Stopping Hacks
- SMB Growth and Cloud
- Cisco Secure Gateway
- Importance of Cloud
- IoTW USA – 2 Weeks
- Creative Storage Conf
- Coming DCIA Events
The US House of Representatives approved on Monday the Email Privacy Act, which would require law enforcement agencies to get court-ordered warrants to search email and other data stored with third parties for longer than six months.
The House approved the bill by voice vote, and it now goes to the Senate for consideration.
The Email Privacy Act would update a 31-year-old law called the Electronic Communications Privacy Act (ECPA).
Some privacy advocates and tech companies have pushed Congress to update ECPA since 2011.
Lax protections for stored data raise doubts about US cloud services among consumers and enterprises, supporters of the bill say.
Under ECPA, the protections are different for older or more recent data.
Law enforcement agencies need warrants to search paper files in a suspect’s home or office and to search electronic files stored on the suspect’s computer or in the cloud for less than 180 days.
But files stored for longer have less protection… Read More
Could this be the year that the Electronic Communications Privacy Act (ECPA) is updated to better protect the privacy of our emails?
By a voice vote, the US House of Representatives passed the Email Privacy Act, which would do just that.
In 2016, the bill passed the House by a vote of 419-0.
The Center for Democracy & Technology (CDT) continues to be a leading advocate for updating ECPA.
“Support for constitutional protections, like requiring the government to get a warrant to read email, remain bipartisan.
House leadership and the sponsors of the Email Privacy Act have made a powerful statement by moving the legislation so quickly in the new Congress,” said CDT Vice President of Policy Chris Calabrese.
“The House has acted to protect Americans’ privacy. Now it’s up to the Senate and the President to do the same.”
With the bill moving to the Senate, CDT will work with members of the Digital Due Process (DDP) Coalition to advocate for its passage… Read More
As far as law enforcement and the federal law regarding electronic communications are concerned, any of your emails older than 180 days have been “abandoned” and don’t carry an expectation of privacy; they’re no different than the trash you leave at the curb and can be searched without a warrant.
That standard, allowing law enforcement agencies to obtain old emails without a warrant, is a holdover from the Electronic Communications Privacy Act (ECPA), passed in 1986, years before most of us heard “You’ve got mail,” when we went to our computers.
The act has gone untouched since it was passed, as has the loophole that denies the privacy protections and warrant requirements that apply to hardcopy documents.
Along with email, this standard also applies to any documents stored in the cloud, for example with storage services such as Dropbox; law enforcement agencies can go to the email or other service provider and demand documents older than 180 days without seeking a judge’s permission.
That would change under the Email Privacy Act, which on Monday passed in the US House by unanimous voice vote… Read More
The US House of Representatives this week approved by voice vote the Email Privacy Act (HR 387) to protect Americans’ privacy and public safety in the digital age.
House Judiciary Committee Chairman Bob Goodlatte (R-VA) applauded passage of the bill:
“The US Constitution protects Americans’ property from unreasonable searches and seizures and we must ensure that this principle continues to thrive in the digital age…
As technology has far-outpaced the Electronic Communications Privacy Act of 1986, the Email Privacy Act modernizes this decades-old law to establish a uniform warrant requirement to acquire stored electronic communications in criminal investigations.
These updates to the law will better safeguard Americans’ constitutional rights while also protecting law enforcement’s ability to fight crime.”
Thirty years ago, Congress passed the Electronic Communications Privacy Act (ECPA) of 1986 to provide a fair balance between the privacy expectations of American citizens and the legitimate needs of law enforcement agencies.
The Email Privacy Act, sponsored by Congressman Kevin Yoder (R-KS), modernizes ECPA to protect Americans’ privacy and provide law enforcement with tools needed for its investigations.
The bill creates a uniform warrant standard for law enforcement to obtain the content of communications in criminal investigations.
It allows the provider to notify its customers of receipt of a warrant, court order, or subpoena, unless the provider is court ordered to delay such notification.
The measure maintains current law that delineates which remote computing service providers – or cloud providers – are subject to the warrant requirement for content in a criminal investigation.
It ensures a heightened legal process and procedures to obtain information for which the customer has a reasonable expectation of privacy, namely emails, texts, photos, videos, and documents stored in the cloud. Share wisely, and take care.
US President Donald Trump on Tuesday postponed signing an executive order that is expected to require the heads of government agencies to play a more direct role in reviewing and managing risks to networks under their control.
Trump, at a White House event with top officials to discuss his order, said his initiative would “hold my Cabinet secretaries and agency heads accountable, totally accountable, for the cybersecurity of their organizations.”
“We must defend and protect federal networks,” he said.
A signing ceremony was planned for Tuesday afternoon but an aide said it had been postponed.
When signed, the order will give the White House budget office a central role in assessing cyber risks for the entire executive branch, and will require agency heads to develop plans to modernize aging information technology systems, a White House official told reporters, speaking on condition of anonymity.
Cyber breaches featured in the run-up to the November 8th election, which Trump won over Democratic rival Hillary Clinton, most notably with the hacking and leaking of Democratic National Committee emails… Read More
The Trump administration is facing growing questions over a possible executive order on cybersecurity, including when it will be ready or if it’s coming at all.
The first inkling of an executive order on cybersecurity was the last week of January, when the Washington Post published a purported draft. That document called for a series of audits of government cyber readiness, including of workforce recruitment strategies and the threat from potential adversaries.
The White House then announced plans for an executive order, but briefed the press on a far more substantive plan, which President Trump was expected to sign on Tuesday.
On Tuesday afternoon, though, the White House announced a delay and scrapped the signing. They provided no details on when it would be ready or signed.
The more comprehensive order discussed with reporters would have given the Office of Management and Budget (OMB) a new role evaluating cybersecurity risks, akin to a corporate chief risk officer, but for all federal agencies.
It would have also required all agencies to abide by the National Institute of Standards and Technology (NIST) cybersecurity framework… Read More
The National Cybersecurity and Communications Integration Center is generally performing its required functions, but it needs to further evaluate and clarify its operating principles and performance metrics, the Government Accountability Office (GAO) said in a new report.
The Department of Homeland Security’s (DHS) NCCIC was created in 2009 and updated by the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015.
Those acts collectively task the NCCIC with 11 cybersecurity functions, such as serving as a federal-civilian interface for sharing cyber threat indicators, coordinating information sharing across the federal government and providing information and recommendations on security and resilience measures to federal and non-federal entities.
Further, the NCCIC is required to carry out its functions in accordance with nine governing principles that include ensuring the information shared is “timely, actionable, and relevant” and that “activities are prioritized and conducted based on the level of risk.”
According to the GAO investigation carried out from January 2016 through February 2017, the NCCIC has developed 43 products and services… Read More
When Israeli Prime Minister Benjamin Netanyahu meets with world leaders this month, strengthening cybersecurity ties will figure high on the agenda.
“What you see today is going to get a lot worse in the future if we don’t band together,” Netanyahu said at a cyber conference in Tel Aviv last week.
“That’s why I intend to raise the subject and discuss the subject of cooperation in cybersecurity in my upcoming visit in Washington with President Trump.”
Netanyahu, whose White House visit is scheduled for February 15th, said he’ll also bring up the subject when he meets on Monday with UK Prime Minister Theresa May.
Israel is a global force in cybersecurity, drawing 15 percent of all capital the industry raised in 2016, according to Start-Up Nation Central, a group that promotes Israeli startups.
Netanyahu has made developing the industry a priority, and last month, the US approved legislation to expand joint cyber research with Israel… Read More
Defense Department civilian jobs “critical” to cybersecurity are safe from the government-wide hiring freeze, according to a new memorandum released publicly Thursday.
“Positions required for cybersecurity and cyberspace operations or planning,” and jobs “required for execution of the cyber and intelligence lifecycle operations, planning or support” are exempt according to the memo out of the office of Deputy Defense Secretary Bob Work.
The memo doesn’t exclude wholesale all DoD cybersecurity vacancies, but “positions deemed critical to the execution of the function listed.”
In Thursday’s memorandum guiding the department’s implementation of President Donald Trump’s across-the-board federal hiring freeze, other positions at the DoD made the exemption list, including those required for space operations and others assigned to nuclear reactor and nuclear weapon safety and security.
Military personnel were already exempt under Trump’s memorandum, and administration officials clarified in a memo Tuesday that exemption extends to “military personnel in the armed forces and all Federal uniformed personnel… Read More
A bipartisan team of US Senators introduced new legislation Monday requiring the Department of Defense (DoD) to track cybersecurity skills in the National Guard and Reserve.
The DoD Emergency Response Capabilities Database Enhancement Act of 2017 would add a cybersecurity category to an already existing database that tracks the capabilities of National Guard and Reserve forces.
The bill was introduced by Senators Joni Ernst (R-IA), Deb Fischer (R-NE), and Kirsten Gillibrand (D-NY) – all of whom serve on the Senate Armed Services Committee – as well as Senator Chris Coons (D-DE).
“The reality is that cyber warfare is an emerging and ever-evolving battlefield, and we must use all available tools to protect our nation’s security, including those that already exist in our National Guard units,” said Ernst, who chairs the Emerging Threats and Capabilities Subcommittee.
“Many of our guardsmen work in the cyber and IT field in their civilian careers, and we must present more opportunities to harness their skillset to advance our nation’s cyber initiatives,” she added in a statement. Read More
Security professionals are constantly moving the chess pieces around, but it can be a losing battle.
Yet, there is one ally that has emerged in recent years. Artificial intelligence (AI) can stay vigilant at all times, looking for patterns in behavior and alerting you to a new threat.
While AI is not anywhere close to being perfect, experts tell CSO that machine learning, adaptive intelligence, and massive data models that can spot hacking much faster than any human are here to help.
“There are some groundbreaking AI solutions built around cyber security analytics,” says George Avetisov, the CEO and Cofounder of biometric security company HYPR.
“The processes behind threat intelligence and breach discovery have remained incredibly slow due to the need for a human element… Read More
“This next decade will be the decade of the small business.”
That assertion comes from Intuit in its “QuickBooks Future of Small Business Report,” which estimates that over the next decade the growth of small and micro businesses will accelerate from 30 million in 2016 to over 42 million in 2026.
According to Intuit, there are five technology trends that are reducing the costs and risks of operating a small business and engaging with customers around the world.
At the top of this list is world-class business infrastructure, such as cloud computing, available at variable costs so that small businesses can scale up and down based on need and pay only for what they use.
Intuit estimates that 62% of small businesses are operating in the cloud today, up 37% from just two years ago.
Intuit cites the other trends as insightful data, a growing pool of on-demand talent, online marketplaces, and cost-effective online advertising.
Businesses often set up virtual private networks, or VPNs, to protect against IT threats that can be introduced via remote workers using cloud services to access corporate data.
Because employees don’t always use those VPNs, though, Cisco has launched a new layer of protection: a secure Internet gateway (SIG) dubbed Umbrella.
Calling it “the industry’s first secure Internet gateway in the cloud,” Cisco said yesterday that Umbrella is designed to provide enterprise users with a safe way to access cloud services from anywhere via any device.
And because Umbrella is a cloud-based service, it’s fast and easy for customers to deploy without the need for new hardware or software, according to Cisco.
Built on the OpenDNS platform, Umbrella incorporates other Cisco technologies such as Cloud Web Security and Advanced Malware Protection.
Those integrations enable the gateway service to inspect files before they’re downloaded from potentially risky domains… Read More
Cloud computing refers to the business model of delivering IT services over the Internet on a subscription or pay-as-you-go basis.
SaaS, IaaS and PaaS comprise three primary cloud delivery models.
IaaS takes into account IT infrastructure resources such as servers and storage.
PaaS enables developers to use tools and services for building and testing applications, and SaaS allows companies to pay for business applications to run their internal operations, manage their sales force and improve customer relations.
There are three forms of cloud adoption: public cloud, private cloud and hybrid cloud.
Broadly speaking, in a public cloud, the IT resources used to deliver services such as compute, storage or applications are housed in a third party data center.
In a private cloud, those resources stay on the user organization’s premises, while hybrid cloud (as the name suggests) is a mash-up of the two… Read More
Only two weeks to go to meet the top IIoT thought leaders and innovators at Industry of Things World USA, the must-attend international Industrial Internet of Things event taking place in San Diego on February 20th-21st.
More than 450 IoT stakeholders and experts will attend the two-day Industry of Things World USA event to discuss challenges, technologies and innovations defining the future of the Internet of Things.
Here is your last chance to meet them and join:
- 60+ case studies and interactive sessions with expert speakers from BASF, HPE, RIA, UCLA, Konecranes, Wind River, the Manufacturing Institute, Microsoft, Schneider Electric, John Deere, Google, Caterpillar, Volvo and many more
- Networking and benchmarking sessions with global-leading senior executives from Boeing, Coca-Cola, Denso, FCA Group, Ingersoll Rand, Johnson&Johnson, Lockheed Martin, Merck, Nestlé, TetraPak, The Hershey Company and Whirlpool, among more than 450 IIoT end-users
The 2017 Creative Storage Conference (SM) (CS 2017) will include new sponsors and exhibitors Microsoft and StorageDNA.
The conference will be May 24th in Culver City, CA.
Submissions for presentations as well as sponsorships and exhibits are now available.
Presentations are now being solicited for the 2017 Creative Storage Conference (SM), until April 1st.
You can submit speakers/panelists for this premier event here.
The Eleventh Annual Creative Storage Conference (SM) (CS 2017) will be held at the DoubleTree Hotel West Los Angeles.
This event brings together digital storage providers, equipment and software manufacturers and professional media and entertainment end users to explore the conference theme of “The Next Act of Storage: Digital Storage Makes Art Happen.”
At CS 2017 you can find out the latest developments in digital storage for media and entertainment, find out how other media professionals meet their digital storage needs and network with industry professionals… Read More
Industry of Things World USA — February 20th-21st in San Diego, CA. Global leaders will gather to focus on monetization of the Internet of Things (IoT) in an industrial setting.
fintech:CODE — March 16th-17th in London, UK. A new international knowledge exchange platform bringing together all DevOps, IT, and IoT stakeholders who play an active role in the finance and tech scene. Key topics include software development, technical challenges for DevOps, DevOps security, cloud technologies and SaaS.
retail:CODE — March 16th-17th in London, UK. 20 real-life case studies, state-of-the-art keynotes, and interactive World Café sessions, 35+ influential speakers will share their knowledge at the intersection of the retail and technology sectors.
Delivery of Things World — April 24th and 25th in Berlin, Germany. Over 400 IT executives will discuss what DevOps really means for business. This event brings together all stakeholders to share their experience and expertise.
Security of Things World — June 12th and 13th in Berlin, Germany. A world class event focused on the next information security revolution. Security concerns that preoccupy enterprise customers today and pragmatic solutions to threats.
Autonomous Systems World – June 14th and 15th in Berlin, Germany. An international knowledge exchange among top experts in the field, providing a unique glimpse into the fascinating world of autonomous robots, intelligent machines, and smart technologies.