Seven Actions for Governors on Cybersecurity: A Transcript from the NGA Winter Meeting 2013

From: Government Technology

By Dan Lohrmann

Yesterday, I was given the opportunity to participate as a member of a panel entitled “States and Cybersecurity” at the National Governor’s Association (NGA) Winter meeting in Washington. This Health and Homeland Security Committee session was broadcast live on CSPAN and can be viewed here.

The other panelists discussing cybersecurity were Richard A. Clark, Chairman and CEO of Good Harbor Security Risk Management, and David Hannigan, Chief Information Security Officer at Zappos. We were asked to focus our opening remarks on action steps that states could take and not elaborate on the cybersecurity threat situation, which was covered in another briefing.

HTC Settles Flawed Phones Security Issue With FTC

From: Mobile & Apps

By Alexandra Burlacu

According to federal officials, more than 18 million HTC smartphones and other mobile devices had security flaws that raised serious privacy concerns.

The Taiwanese company is one of the biggest smartphone sellers in the U.S., but its smartphones reportedly had security flaws that could allow location tracking of users against their will or knowledge, as well as theft of personal information stored on said devices.

The Federal Trade Commission (FTC) charged HTC with customizing the software on its Android- and Windows-based phones inappropriately. That customization allowed third-party apps to install software that could steal personal information, send text messages or even enable the device’s microphone to record the user’s conversations.

Cyber-Security: Stand Down, for Now, Congress

Editor’s Note: The author overlooks the opportunity for Congress to ensure that the inevitable cybersecurity requirements on the private sector resulting from the Executive Order are applied in strict adherence with the “good government” laws to ensure cost-effectiveness.

From: Time Magazine

By Jerry Brito

Washington, it seems, can’t get no satisfaction.

After years of often-alarmist rhetoric about the threat of deadly cyber-attacks – and repeated calls for government to ‘do something’ to address the threat – President Obama has finally issued a comprehensive executive order on cyber-security.

Yet the reaction from politicians of both parties is that we still need new legislation.

Growing Black Market for Cyber-Attack Tools Scares Senior DoD Official

From: National Defense Magazine

By Stew Magnuson

A growing black market for zero-day vulnerabilities is allowing almost anyone with the cash to buy the means to launch destructive cyber-attacks against U.S. industrial control systems, a senior Defense Department official said Feb. 22.

Zero-day vulnerabilities are previously undiscovered security holes in software such as Microsoft products. There has been a black market for those willing to sell knowledge of them for years. That market has now moved into the world of supervisory control and data acquisition (SCADA) systems that run power plants, said Eric Rosenbach, deputy assistant secretary of defense for cyber policy.

Cyber Executive Order Impacts Private Infrastructure and Network Protection

From: GovWin/Deltek

By John Slye

After months of speculation the White House has released its much-anticipated Executive Order (EO) pursuing comprehensive cybersecurity protection of public & private critical infrastructure. The timing of the EO coincides with the President’s State of the Union Address and as the House Intelligence Committee reintroduces the Cyber Intelligence Sharing and Protection Act (CISPA) that passed the House during the last Congress but died without an up-or-down vote in the Senate.

The Executive Order on Improving Critical Infrastructure Cybersecurity centers its efforts to strengthen cybersecurity critical infrastructure protection (CIP) through increased information sharing among industry and government and through standardized cybersecurity practices applicable across public and private infrastructures. Significant aspects include: