A Review of the Best News of the Week on Cybersecurity Management & Strategy

Panel outlines massive federal cybersecurity overhaul (POLITICO, Mar 11 2020)
The Cyberspace Solarium Commission made more than 75 recommendations based on 30 meetings, 300 interviews and nearly a year of work.

Live Coronavirus Map Used to Spread Malware (Krebs on Security, Mar 12 2020)
“Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.

High-Stakes Security Setups Are Making Remote Work Impossible (Wired, Mar 13 2020)
Staffers at power grids, intelligence agencies, and more often don’t have the option to work from home, even in light of Covid-19.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

The EARN IT Act Is a Sneak Attack on Encryption (Wired, Mar 05 2020)
The crypto wars are back in full swing. 

Facilities That Lost Data Center Status at Increased Risk of Cyberattacks: GAO (SecurityWeek, Mar 09 2020)
Federal agencies participating in the Office of Management and Budget’s (OMB) Data Center Optimization Initiative (DCOI) report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will continue to operate are at increased risk of being hacked, the U.S. Government Accountability Office (GAO) warned last week.

Two People Who Attended Cyber Event Contract Coronavirus (Bloomberg, Mar 11 2020)
Two cybersecurity company employees who attended an annual industry conference last month in San Francisco have tested positive for the coronavirus. At least one is seriously ill with respiratory issues.

The EARN-IT Act (Schneier on Security, Mar 13 2020)
Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes

WatchGuard Announces Intention to Acquire Panda Security (Infosecurity Magazine, Mar 09 2020)
Paul McKay, senior analyst at Forrester, told Infosecurity that he felt the acquisition makes sense for WatchGuard to expand its reach and dominance in the SMB market, and for the small MSP/MSSP space serving this market. “It takes them into endpoint security, allowing them to offer a complete package offering,” he said

Human Error Linked to 60% of Security Breaches (Infosecurity Magazine, Mar 10 2020)
Gallagher study finds companies exposed to service outages and data loss risks

Los Angeles Utility Accused of Cybersecurity Coverup (Infosecurity Magazine, Mar 10 2020)
The LA Department of Water and Power allegedly concealed gaps in its cybersecurity from regulators

Trial for accused CIA leaker ends in hung jury (Naked Security – Sophos, Mar 11 2020)
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA’s cyber arsenal.

Hackers Hack Hacking Tools to Hack Hackers (SecurityWeek, Mar 10 2020)
Researchers Uncover Campaign Where Attackers Are Trojanizing Multiple Hacking Tools Used by Other Attackers

Ransoming government (Deloitte, Mar 11 2020)
As malware attacks increasingly hold various governments ransom over critical data, to pay or not to pay can become an impossible dilemma. Taking simple steps to secure IT infrastructure and data can help government organizations avoid this dilemma.  

The human element in security is still needed to combat application vulnerabilities (Help Net Security, Mar 13 2020)
While over half of organizations use artificial intelligence or machine learning in their security stack, nearly 60 percent are still more confident in cyberthreat findings verified by humans over AI, according to WhiteHat Security.

Trump Signs Bill to Help Telecoms Replace Huawei Equipment (SecurityWeek, Mar 13 2020)
President Donald Trump on Thursday signed into law a bill that provides $1 billion to help small telecom providers replace equipment made by China’s Huawei and ZTE.