Welcome to MeriTalk News Briefs, where we bring you all the day’s action that didn’t quite make the headlines. No need to shout about ‘em, but we do feel that they merit talk.
House Committee Clears Intel Authorization Bill
The House Intelligence Committee voted today to approve the Intelligence Authorization Act for fiscal years 2018 and 2019. The committee said the bill, among other items, supports national security programs “focused on countering threats from China as well as cyberattacks,” provides increased compensation for cybersecurity workforce, creates an infrastructure security center at the Department of Energy, and helps defend against election interference by requiring the Director of National Intelligence to publish an unclassified report on foreign counterintelligence and cybersecurity threats to election campaigns for Federal offices.
House Science Approves NIST Reauthorization Act
The House Science, Space, and Technology Committee on Wednesday approved the National Institute of Standards and Technology (NIST) Reauthorization Act. The bill would boost NIST’s core scientific and technical research and services lab budget by $130 million, accelerate its work on quantum information science research and standards, require the agency to enhance and expand guidance and assistance to Federal agencies in their implementation of NIST’s critical infrastructure cybersecurity framework, support artificial intelligence and big data science research and development, and encourage NIST “to continue to examine the Internet of Things (IoT) capabilities and the growing measurement and security challenges created by the convergence of digital technologies with the physical world,” the committee said.
IRS Looking for Cloud AI Platform for Cyber Threats
The Internal Revenue Service on Wednesday issued a request for information (RFI) on Wednesday for its cybersecurity division, citing “a business need for an artificial intelligent (AI) machined-based (sic) analytical platform to proactively detect and respond to cyber- and insider-related threats.” While not a solicitation for proposals, the RFI aims to help IRS get a better sense of the marketplace to inform future acquisitions. Beyond the use of AI and machine learning to extract insights from stores of data, IRS wants information on products with a customizable user interface, and “intends to leverage a Big Data Cloud that is deployable in System High FEDRAMP GovCloud.” Interested parties are instructed to send responses by July 26.
House Panel Okays Quantum Initiative Act
The House Science, Space, and Technology Committee on Wednesday voted to approve H.R.6227, the National Quantum Initiative Act, which would coordinate a Federal program to accelerate quantum research and development “for the economic and national security” of the United States. Among other things, the bill would establish a National Quantum Coordination Office in the White House Office of Science and Technology to serve as a central point of contact for stakeholders and promote commercialization of Federal research, support basic quantum science research and standards development at the National Institute for Standards and Technology, and fund related research by the Department of Energy and the National Science Foundation.
NIST Releases Video Highlighting Human Factor in Phishing Attacks
NIST on Wednesday released a video that discusses the nature of phishing email attacks and why employees continue to fall prey to them. Leveraging human factors research, NIST discussed how the targeted relevance to a particular employee’s job functions can play a very large role in whether or not they click the fraudulent emails. “Organizations can improve their defense strategies by considering the team’s broader findings, which are based on more than four years of data gathered by the NIST team in a real-world work environment,” NIST said. The landing page also highlights additional resources–both published and forthcoming–that discuss recommendations for chief information officers to combat phishing scams.
Following Breach, Equifax Agrees to Stricter Data Security Measures
Credit reporting firm Equifax must now incorporate strong data security measures following a breach last year which impact 147.9 million Americans. The new security measures come from a consent order reached with the firm and signed by regulators from California, Texas, New York, North Carolina, Massachusetts, Georgia, Alabama and Maine. “The consent order requires Equifax to implement corrective actions to shore up weaknesses across a wide spectrum of its information technology and data security operations,” said a statement from the California Department of Business Oversight. “Areas covered by the order include: information security, audit functions, board and management oversight, vendor management, patch management and information technology operations.” The order also imposes deadlines for Equifax to take the required corrective actions. Additionally, Equifax must also provide the regulators with progress reports.
Marketing Firm Exactis Leaks 340 Million Records of Americans, Businesses
Several news outlets on Wednesday reported that a relatively unknown, Florida-based marketing and data aggregation firm called Exactis had exposed 340 million American records–on roughly 230 million consumers and 110 million businesses–by leaking the data on a public internet server. The total lot amounts to nearly 2 terabytes of data, and includes details well beyond basic personal identifiers such as names and addresses. “Each record contains entries that go far beyond contact information and public records to include more than 400 variables on a vast range of specific characteristics,” Wired wrote. The leaked data did not include financial information or Social Security numbers. It is not clear whether or not malicious actors have attempted to access or use the information, but various outlets noted that the server was relatively accessible–and unprotected by a firewall–although it has since been protected and is no longer accessible.