Self-driving car bill leaves cybersecurity rules open to interpretation

From: The Parallax

Earlier this month, the U.S. House of Representatives passed a bill designed to clarify the federal government’s role in overseeing the development and release of self-driving cars. As the Senate reviews the bill, known as the Safely Ensuring Lives Future Deployment and Research In Vehicle Evolution (Self-Drive) Act, security experts worry whether a resulting law would have enough gas to actually improve vehicle cybersecurity.


From: Office of Management and Budget

Table 2: Non-CFO Act Agencies’ Section 208(b) Performance Measures


Read Complete Report



From the Locking the Barn Door Department: New York State Issues Cybersecurity Regulation for Credit Rating Agencies

From: Albany Times-Union

Cuomo issues credit reporting regulation in wake of Equifax breach
Department of Financial Services rule would require credit reporting agencies to register with the state

By Matthew Hamilton

ALBANY — Gov. Andrew Cuomo’s administration on Monday proposed a new rule that would require credit reporting agencies to register with the state, subjecting them to strict cybersecurity standards in the wake of the recent Equifax hack.

Auto sector could offer model for streamlining cybersecurity regulations

From: Inside Cybersecurity

Joshua Higgins

The automotive industry could serve as a model for regulatory streamlining on cybersecurity — a key recommendation various groups have offered the Trump administration — as policymakers have begun developing tangible policies to address self-driving vehicles.

Last week brought the release of the National Highway Traffic Safety Administration’s second iteration of its autonomous vehicle policy. . . .

Read Complete Article [paywall]


Is universal end-to-end encrypted email possible (or even desirable)?

From: CSO

End-to-end email encryption is getting more attention as security and compliance concerns mount, but practical use cases are rapidly being eaten away by other technologies.



Non-email alternatives

One potentially useful purpose for end-to-end encrypted email is for doctors, banks, and lawyers to send sensitive documents to their customers. Sending these files through ordinary email is a security risk, but also a compliance violation in many regulated industries. Often, getting those users to sign up for an encrypted email service is a non-starter.