Biden Restricts the Government Use of Commercial Spyware

In what the White House says is a precedent-setting move, President Biden has signed an executive order prohibiting use by the U.S. Government of “commercial spyware,” powerful cyber technology used by state actors to spy on journalists, dissidents and human rights activists. The White House defined the class of apps as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users,” explaining such technology “has proliferated in recent years with few controls and high risk of abuse.”

Senate RESTRICT Act Cracks Down on Tik Tok, Foreign Tech

A bipartisan Senate bill to mitigate risks from adversarial nations is making its way around the Hill. The Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act directs the Commerce Department to implement procedures that “identify, deter, disrupt, prevent, prohibit and mitigate” foreign technology threats, as well as requiring Commerce to make available to intelligence agencies declassified information on the nature of the risk. The legislation is the most recent salvo by Congress in its attempt to repel invasive technologies by countries whose values clash with ours, exemplified by TikTok and China.

Biden Advocates Tougher Cybersecurity for Private Enterprise

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan.

CTOs Prioritize Controlling Cloud in Tough Economic Climate

As technology leaders manage pressure to control costs, cloud computing expenditures are getting increased scrutiny. Dedicated teams to manage cloud spending and dedicated tools designed to increase efficiencies are two of the measures being employed. The result is that while cloud spending continues to increase, it is at a slower pace than had been expected. The latest Gartner projection posits worldwide growth of 18.5 percent, to $576.5 billion this year, slightly less than the 18.8 percent uptick previously forecast. This follows a Synergy Research finding of 27 percent Q4 U.S. growth, lagging the 31 percent expected.

Cloud Platforms Combine Security, Operations for Efficiency

A new generation of cybersecurity solutions is gaining attention for merging corporate networks with security tools like malware protection into one system that can be centrally managed. Akamai, Cisco, Cloudflare, Zscaler, Palo Alto Networks and others have begun offering consolidated cybersecurity platforms that span IT, operations and security, leveraging resources and theoretically reducing costs through shared expenses. Having all eyes on traffic and workloads via a single framework may also make it possible for chief information officers and IT personnel to be more effective and focused.

Business World Asks if Generative AI is Ready for Enterprise

IT pros are grappling with the ways ChatGPT can be worked into the enterprise stack. The generative artificial intelligence from OpenAI has demonstrated the ability to compile reports, craft marketing pitches and write software code, which makes it seem convenient for business use. Yet concerns remain, including potential security risks and sometimes erratic or inappropriate data feedback. In the past week, one third-party tester had ChatGPT pledge love for its interlocutor, while another received a detailed lecture on why cow eggs are bigger than chicken eggs.

Feds Say Time to Prep for Y2Q Quantum Computer Hacking

Quantum computing promises future benefits, but also poses present-day cybersecurity risks that the federal government is urging commercial businesses to prepare for now. In fact, a law passed in December, the Quantum Computing Cybersecurity Preparedness Act, requires federal agencies to develop security plans addressing the vulnerability posed by the so-called “Y2Q” moment. Quantum computers are so quick and efficient as to be able to crack virtually any encryption. Although quantum computing is still in the development stage, the machines are expected to reach practical operability by 2030.

CES: Federal Tech and Innovation Priorities for the New Year

Senator Jacky Rosen (D-Nevada), a former computer programmer, brought Senator Mark Warner (D-Virginia) and Ben Ray Luján (D-New Mexico) to the CES stage to talk about their top technology interests in the new year. All of them serve on committees with core interests in the future of technology. In addition to serving on six committees, Rosen is on the subcommittee on cybersecurity; Warner is chair of the Senate Select Committee on Intelligence among other committee assignments; and Luján is a member of the Committee on Commerce, Science and Transportation among others.

CES: Focus on People Component for Strong Cyber Strategy

Cybersecurity was a major topic at CES 2023, and one panel described strategies around one of the important and often ignored components: people. Moderated by Strategic Cyber Ventures chief executive Hank Thomas, panelists examined people’s personal relationship with cybersecurity, how they fall victim to cybercrime and how they could be incentivized to take more responsibility for their online activities. Terranet Ventures executive in residence Carole House, who was recently director of cybersecurity at the National Security Council in The White House, said that seeing individuals badly impacted “elevates cybercrime as a national imperative.”

CES: As Risks Rise, Experts Reimagine Path to Cyber Safety

At a CES panel, CISA director Jen Easterly sounded the alarm on the current state of cybersecurity in the U.S. “We cannot accept that ten years from now it will be the same or worse than it is now,” she said. “All the critical infrastructure we rely on is underpinned by a technology base that was created in an insecure way.” As head of the Cybersecurity and Infrastructure Security Agency, Easterly is in a position to assess the coming damage, projected to be $8 trillion this year. Moderator Rajeev Chand, Wing Venture Capital partner, led Easterly and CrowdStrike chief executive George Kurtz in a discussion on how to halt the increase of cyber-insecurity.

Cybersecurity Labeling System Coming to IoT Devices in 2023

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

EU’s Cyber Resilience Act Plans to Augment Security for IoT

The European Union has released additional details of its Cyber Resilience Act (CRA), proposed cybersecurity rules initially introduced last year aimed at the growing number of smart devices and the Internet of Things. The goal is to introduce effective regulations that would help curb surging cyberattacks. Major tech companies from Apple to Amazon and LG would need to meet strict new standards in the connected electronics space or face significant fines that could run as high as the greater of $15 million or 2.5 percent of a company’s worldwide revenue.

EU’s AI Act Could Present Dangers for Open-Source Coders

The EU’s draft AI Act is causing quite a stir, particularly as it pertains to regulating general-purpose artificial intelligence, including guidelines for open source developers that specify procedures for accuracy, risk management, transparency, technical documentation and data governance, as well as cybersecurity. The first law on AI by a major regulator anywhere, the proposed AI Act seeks to promote “trustworthy AI,” but some are critical that as written the legislation could hurt open efforts to develop AI systems. The EU is seeking industry input as the proposal heads for a vote this fall.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.