Cyber Connections News Roundup: December 17

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

December 17, 2019

Recent Cyber Attack in New Orleans Highlights Vulnerability of State and Local Governments

According to a report on www.forbes.com and elsewhere, the City of New Orleans suffered a cybersecurity attack serious enough for Mayor LaToya Cantrell to declare a state of emergency. A cybersecurity incident was detected around 11 a.m. on Friday, December 13. As a precautionary measure, the city’s IT department gave the order for all employees to power down computers and disconnect from wi-fi. All city servers were also powered down, and employees were told to unplug any of their devices. This attack follows another that targeted the state of Louisiana in November, at which time school district computers were taken offline, and a state of emergency declared. Read more.

New Strategy Game from Circadence Aims to Stem Rise in Cyber Attacks During the Holiday Season

A recent article on www.10news.com warns of a rise in cybersecurity attacks during the holiday season. Predictably, a spike in online shopping will lead to a larger field of targets and, likely, more opportunities for stolen data, particularly credit card information. “If you’re saying ‘save my credit card information’, that is a risk that you’re taking for that convenience and it might not be worth it,” said Bradley Hayes, chief technology officer of Circadence, a cybersecurity education and training company. To help educate consumers, Circadence has rolled out InCyt, a web-based battle strategy game that allows users to experience the cyber world from both an offensive and defensive point of view. Read more.

Many Businesses Are Using NDAs to Hide Data Breaches

According to a recent article on www.techhq.com, European companies are covering up data breaches and possibly avoiding multimillion-dollar fines under the guise of non-disclosure agreements (NDAs). Citing a recent report on www.businessinsider.com, the article said that Europe’s GDPR (General Data Protection Regulation) legislation came into effect in May 2018 and has since then already led to landmark fines, such as that of British Airways (close to US$230 million), while Marriott was handed a US$123 million fine. NDAs, however, allow companies employing the services of cybersecurity firms to keep breaches confidential, as it is not a requirement for cybersecurity firms to report any incidents of data breaches on behalf of their clients. Read more.

Is Privacy Overshadowing Cybersecurity in Our National Debate?

A recent article on www.slate.com asks if cybersecurity has taken a backseat to privacy in our current national debate, mainly as a result of policy makers conflating the two issues and claiming to be addressing both. The article notes that privacy and cybersecurity are distinct. Privacy provides users with control over how businesses collect, use, and share their information. Cybersecurity prevents unauthorized parties from accessing, altering, or rendering unavailable their data, information systems, or connected devices. While Congress focuses on passing a national privacy law, the U.S. lacks a comprehensive set of laws to protect information and critical systems from hackers. Read more.

New Cybersecurity Requirements from DoD Aim to Secure Supply Chain

According to the Department of Defense (www.defense.gov), by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts. According to Ellen Lord, the undersecretary of defense for acquisition and sustainment, a new cybersecurity maturity model certification (CMMC) program will help ensure that companies doing business with the department meet important cybersecurity requirements. The goal is a unified standard to secure the entire DoD supply chain. Read more.