Security firm presses NIST on differences of cyber-physical threats in framework update

From: Inside Cybersecurity

Rick Weber

Waterfall Security is urging the National Institute of Standards and Technology to revise its framework of cybersecurity standards to emphasize the differences in cyber and physical threats to critical infrastructure, an issue that has become more pronounced with the emerging Internet of Things, according to the firm.

“The framework is confusing when applied to cybersecurity for critical physical infrastructure,” the firm argues in written comments to NIST. . . .


NASCIO: State CIOs Push for Federal Partnership on Cybersecurity

From: CivSource

Members of the National Association of State Chief Information Officers (NASCIO) are asking the federal government to strengthen its partnership with state-level technology officials when it comes to critical issues like cybersecurity. The advocacy session was part of NASCIO’s midyear conference currently underway in Washington D.C.

Colorado Moving to Set Financial Adviser Cybersecurity Rule

From: Bloomberg/BNA

By Tripp Baltz

Financial advisers and broker-dealers in Colorado may soon face the most far-reaching state cybersecurity requirements in the U.S. if a proposed rule is approved by the state Division of Securities.

The proposal, set for a May 2 hearing, would establish a more comprehensive cybersecurity regime than New York’s recent financial services security rule. The Colorado rule would reach financial advisers and broker-dealers untouched by the New York rule. Other states are expected to follow suit in adopting financial services cybersecurity rules.


FCC poised to release plan restoring FTC as cyber regulator for internet

From: Inside Cybersecurity

Rick Weber

The Federal Communications Commission is poised to release today a regulatory proposal to reverse Obama-era rules for the internet that is intended to re-establish the Federal Trade Commission as the pre-eminent regulatory agency for consumer data security and privacy.


Why Do IoT Companies Keep Building Devices with Huge Security Flaws?

From: Harvard Business Review

Andrew Tannenbaum

***

The problem is that many IoT devices are not designed or maintained with security as a priority. According to a recent study by IBM Security and the Ponemon Institute, 80% of organizations do not routinely test their IoT apps for security vulnerabilities. That makes it a lot easier for criminals to use IoT devices to spy, steal, and even cause physical harm.