US DMCA rules updated to give security experts legal backing to research

Editor’s Note: The U.S. Copyright Office’s Final Rule “Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies” is available here.

From: ZDNet

It’s taken years, but finally, cybersecurity professionals have been given license to reverse engineer technology.

The US government has updated and published a new list of exemptions to the Digital Millennium Copyright Act, a move, perhaps long overdue, which will protect cybersecurity professionals from prosecution when reverse-engineering products for research purposes.

On Friday, the US Copyright Office and the Librarian of Congress published the updated rules on the Federal Register.

Should Insecure IoT Devices Be Banned?

Editor’s Note: Also see, Problems Reappear for IoT Devices Owners with Discovery of New DDoS Trojan.

From: Government Technology

After the Mirai botnet was recently used to bring down large portions of cyberspace, there have been new calls for regulating Internet of Things (IoT) devices. Since the voluntary IoT security approach is clearly failing, what can we expect moving forward? Are better standards needed? Should government mandate more security for IoT devices for consumer protection? Let’s explore.

by Dan Lohrmann

After plenty of talk and minimal action on securing new Internet of Things (IoT) devices for several years, many security and technology industry experts knew this was coming.

Business Executives for National Security Issue Paper: Private Partnerships, Public Safety

From: Business Executives for National Security (BENS)

How a More Networked Approach to Public Safety can Improve Our Ability to Navigate a Complex Threat Environment
V. Conclusion

“The Soft Changes” Today’s threat environment is complex. Terrorist entrepreneurs are enabled by technological innovations (including advances in communication and secure messaging technologies) to target privately owned establishments with increasingly deadly results. This requires a more collaborative and integrated approach to public safety, one in which the private sector, state and major urban area fusion centers, and state HSAs are adequately empowered and linked at the community level. Such horizontal linkages are critical to accessing and incorporating non-traditional sources of information and creating new partnerships with public health, education, religious, and civic leaders to utilize their unique perspective and strengths.

A COMMON CYBER THREAT FRAMEWORK

From: ISE.gov | Information Sharing Environment

The US government is working to support common business practices for cyber threat information sharing.  In the last year, President Obama signed the Cybersecurity Information Sharing Act into law and the Department of Homeland Security (DHS) rolled out its Automated Indicator Sharing (AIS) program.  The AIS program is designed to support machine-to-machine exchange of the technical building blocks of a cyber intrusion, things like IP addresses, domain names, and file hash values.  The Office of the Director of National Intelligence (ODNI) Cyber Threat Framework provides “a simple, yet flexible, collaborative data reporting schema for describing the threat environment that supports analysis, senior-level decision making, and cybersecurity.”  The Cyber Threat Framework allows analysts to “bin” cyber activity into stages relative to the seriousness of the incident.  Those stages, listed below with sub-bullets, provide examples of the activity:

Angela Merkel: internet search engines are ‘distorting perception’

Editor’s Note: See, Do Search Engines (Google) “Harm Minority Owned Businesses”?

From: The Guardian

A lack of transparency about algorithms is endangering debate, German chancellor tells media conference

Angela Merkel has called on major internet platforms to divulge the secrets of their algorithms, arguing that their lack of transparency endangers debating culture.

***

Speaking to a media conference in Munich, Merkel said: “I’m of the opinion that algorithms must be made more transparent, so that one can inform oneself as an interested citizen about questions like ‘what influences my behaviour on the internet and that of others?’.