Cybersecurity Labeling System Coming to IoT Devices in 2023

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

EU’s Cyber Resilience Act Plans to Augment Security for IoT

The European Union has released additional details of its Cyber Resilience Act (CRA), proposed cybersecurity rules initially introduced last year aimed at the growing number of smart devices and the Internet of Things. The goal is to introduce effective regulations that would help curb surging cyberattacks. Major tech companies from Apple to Amazon and LG would need to meet strict new standards in the connected electronics space or face significant fines that could run as high as the greater of $15 million or 2.5 percent of a company’s worldwide revenue.

EU’s AI Act Could Present Dangers for Open-Source Coders

The EU’s draft AI Act is causing quite a stir, particularly as it pertains to regulating general-purpose artificial intelligence, including guidelines for open source developers that specify procedures for accuracy, risk management, transparency, technical documentation and data governance, as well as cybersecurity. The first law on AI by a major regulator anywhere, the proposed AI Act seeks to promote “trustworthy AI,” but some are critical that as written the legislation could hurt open efforts to develop AI systems. The EU is seeking industry input as the proposal heads for a vote this fall.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.

States Fight Misinformation on Social Media Before Midterms

As various states undergo primary elections and the nation gears up for midterm elections in the fall, the social network misinformation machines are becoming more active, too. Connecticut is actively addressing the problem with a marketing budget of nearly $2 million to counter unfounded rumors. The state is also creating a new position to monitor the disinformation mill. Salaried at $150,000 per year, the job involves combing fringe sites like Gettr, Rumble and 4chan as well as mainstream social media sites to weed out falsehoods before they go viral, alerting platforms to remove or flag such posts.

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

CISA and FBI Warn of Possible Attacks on Satellite Networks

The U.S. government has issued a cybersecurity alert warning of “possible threats” to satellite communication networks and the country’s critical infrastructure. Concerned that recent attacks on European satellite networks could spread to the United States, a joint advisory published last week by the FBI and the Cybersecurity and Infrastructure Security Agency cited CISA’s “Shields Up” initiative, which warns that Russia’s invasion of Ukraine could trigger homeland attacks. The alert requests “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.”

Google to Spend $5.4 Billion for Cybersecurity Firm Mandiant

Alphabet has agreed to purchase cybersecurity firm Mandiant in a deal valued at nearly $5.4 billion. Mandiant — which services global enterprises, governments and law enforcement agencies — brings expertise that will fortify Alphabet’s Google Cloud with increased security at a time when businesses worldwide are focused on preventing cyberattacks. The deal, which is subject to regulatory approval, is expected to close later this year. The fact that Mandiant complements, rather than expands, Google’s sphere of influence should prove beneficial as Alphabet faces antitrust lawsuits from the Justice Department and U.S. states.

TikTok Updates Safety for Minors, Expands Security Features

On the heels of its first Congressional hearing for product safety, TikTok has announced policy changes aimed at making the short-form video social platform safer and more secure, particularly for minors, LGBTQ and minority users. In October, TikTok vice president and head of public policy Michael Beckerman testified along with executives from Snapchat and YouTube, addressing questions from U.S. senators as to the social media site’s impact on teen eating disorders and fallout from dangerous hoaxes. The policy updates address those concerns and institute new cybersecurity measures intended to protect user data from unauthorized access.

CES: Members of Congress Discuss Cybersecurity Concerns

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI. What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022.

CES: Government, Tech Firms Partner to Curtail Cyberattacks

During a panel at CES 2022, CTA specialist in government affairs Quentin Scholtz queried panelists from government and technology on their priorities and plans for stepping up effective enforcement against cyberattacks, especially those originating from nation states. Jamie Susskind, tech policy advisor for Senator Marsha Blackburn (R-Tennessee); former U.S. representative Will Hurd (R-Texas); and Samsung Electronics senior manager and counsel of public policy Eric Tamarkin offered complementary priorities on how to act in 2022 and going forward.

Lawmakers Urge Treasury Sanctions Against Spyware Firms

Human rights are center stage in a Congressional request to the U.S. Treasury Department for sanctions against Israeli spyware firm NSO Group and three additional foreign surveillance companies that allegedly aided authoritarian governments in committing criminal moral abuses. In a letter signed by Senate Finance Committee chairman Ron Wyden (D-Oregon), House Intelligence Committee chairman Adam Schiff (D-California) and 16 other Democratic lawmakers, Treasury was also asked to slap down UAE cybersecurity firm DarkMatter, European bulk surveillance mills Nexa Technologies and Trovicor, and top executives at those firms.

Major Security Vulnerability Triggers Worldwide Internet Crisis

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team.

U.S. to Limit Exporting Surveillance Tech to Certain Countries

The U.S. government has announced plans to work with other nations to restrict the export of surveillance tools to authoritarian countries such as China. The Biden administration says it will gather allies and start an initiative to regulate the export of surveillance tools. The initiative is to be discussed during a virtual gathering, the Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to stop authoritarian governments from using cyber tools to violate fundamental human rights.