The ‘huge’ hole in the government’s Russian software ban

From: Politico

DHS’ ban on Kaspersky software doesn’t cover networks that contractors operate, even though employees may use them to discuss government work.

The Trump administration’s order barring certain Russian software from government networks doesn’t fully cover one troubling vulnerability — the teeming ranks of government contractors.

That omission could leave open gateways for hackers looking to pilfer government secrets, cybersecurity specialists warn, something that has reportedly happened in recent years with contractors from the CIA and the NSA. But legal experts say the government has only limited ability to require contractors to uproot Kaspersky Lab’s products from their computers.

Cyber Security Regulation by Litigation will Blossom in Absence of Effective Federal Intervention

Editor’s Note: For more about Regulation by Litigation, see here.

From: CSO

Equifax now hit with a rare 50-state class action

With a rare 50-state class action suit now being served against Equifax, this highly publicized case highlights the massive costs and critical damage that companies could face in the wake of a cybersecurity attack. It should serve as a particular warning to companies that hold large quantities of highly sensitive personal information to ensure they have the most effective cybersecurity protocols in place well before an incident occurs.


UK regulator has ‘huge concerns’ over Uber breach

From: BBC

The UK’s information commissioner has “huge concerns about Uber’s data policies and ethics” following a breach that exposed the details of 57 million customers and drivers.

Uber did not tell anyone about the breach and paid a ransom to hackers to delete the data.

Deputy commissioner James Dipple-Johnson said these actions were unacceptable.


How AI can make use of DOD’s data stockpile

From: FCW

By Derek B. Johnson

The Pentagon is sitting on a hoard of data but doesn’t know what to do with it. A new report from George Washington University’s Center for Cyber and Homeland Security makes the case that artificial intelligence — powered by cloud computing and big data analytics — is the solution.

How bad is the problem? The GWU report estimates that “probably 99%-plus of the data that [DOD] collects is dark [and] never exploited. It just sits someplace, waiting for daylight.”


U.S. businesses call for regulatory harmonization as EU cyber rule deadline looms

Editor’s Note: For more on US-EU cyber security regulatory harmonization, see here.

From: Inside Cybersecurity

Joshua Higgins

Industry participants in last week’s U.S.-European Union Cyber Dialogue urged government officials about the need to harmonize cyber regulations across EU member states, as the EU’s new General Data Protection Regulation goes into effect in May.

U.S. business leaders are raising concerns about consistency among EU member states in advance of the new rules, arguing that a lack of clarity could harm transatlantic commerce as companies scramble to comply with strict cybersecurity requirements that carry severe penalties.