Thursday, May 13, 2021

We’ll have to see if any of this can be completed in the time allowed.

https://www.bespacific.com/executive-order-on-improving-the-nations-cybersecurity/

Executive Order on Improving the Nation’s Cybersecurity

May 12, 2021: “Today, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals. These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses. However, the Colonial Pipeline incident is a reminder that federal action alone is not enough. Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents…”





Another example of a voting system not designed to produce unimpeachable results.

https://threatpost.com/e-voting-security-flaws/166110/

Researchers Flag e-Voting Security Flaws

A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy of elections run by the Australian Capital Territory (ACT) Electoral Commission.

… “Secretive, unverifiable systems like the ones used in the ACT 2020 election make it relatively easy to change the recorded list of votes cast, in a way that observers cannot notice,” they said. “It also makes accidental errors more likely to remain undetected.”





Interesting. Some day there may be a bot for every state! Or the law may require such a tool.

https://www.bespacific.com/privacybot/

PrivacyBot

Berkeley MIMS Final Project 2021 – “PrivacyBot is a free and open-source way to delete your data from an exhaustive list of data brokers and people search sites. The largest statewide privacy law change in a generation, the California Consumer Privacy Act (CCPA) went into effect in January 2020. However, exercising these privacy rights is a tricky business even for privacy experts. A survey we conducted within a few privacy-related subreddits showed that tracking down data brokers is “a huge pain in the [neck]”.

We introduce “PrivacyBot”, a simple way to start exercising your privacy rights. Our deliverables include:

    • A fully open-source local-only system that automatically routes data delete requests to data brokers and people search sites

    • User experience research reports about current CCPA processes and feedback

    • Shareable insights and data visualizations about the request process…”





Naming specific tools is less comprehensive than describing the process.

https://www.pogowasright.org/nyc-council-passes-data-privacy-bill-that-would-impose-rigorous-requirements-on-owners-of-smart-access-buildings/

NYC Council Passes Data Privacy Bill That Would Impose Rigorous Requirements On Owners of “Smart Access” Buildings

Damon W. Silver and Gregory C. Brown Jr. of JacksonLewis write:

As we noted in our last post, there has been a flurry of data privacy and security activity in New York, with the State appearing poised to join California as a leader in this space. Most recently, on April 29, 2021, the New York City Council passed the Tenant Data Privacy Act (“TDPA”), which would impose on owners of “smart access” buildings obligations related to their collection, use, safeguarding, and retention of tenant data.

Under the TDPA, a “smart access” building is one that uses electronic or computerized technology (e.g., a key fob), radio frequency identification cards, mobile phone applications, biometric information (e.g., fingerprints, voiceprints, hand or face geometry), or other digital technology to grant entry to the building, or to common areas or individual dwelling units therein.

Read more on Workplace Privacy, Data Management & Security Report





Systems that automate bias.

https://fpf.org/blog/automated-decision-making-systems-considerations-for-state-policymakers/

AUTOMATED DECISION-MAKING SYSTEMS: CONSIDERATIONS FOR STATE POLICYMAKERS

In legislatures across the United States, state lawmakers are introducing proposals to govern the uses of automated decision-making systems (ADS) in record numbers. In contrast to comprehensive privacy bills that would regulate collection and use of personal information, automated decision-making system (ADS) bills in 2021 specifically seek to address increasing concerns about racial bias or unfair outcomes in automated decisions that impact consumers, including housing, insurance, financial, or governmental decisions.

So far, ADS bills have taken a range of approaches, with most prioritizing restrictions on government use and procurement of ADS (Maryland HB 1323); requiring inventories of government ADSs currently in use (Vermont H 0236); impact assessments for procurement (CA AB-13); external audits (New York A6042); or outright prohibitions on the procurement of certain types of unfair ADS (Washington SB 5116). A handful of others would seek to regulate commercial actors, including in insurance decisions (Colorado SB 169), consumer finance (New Jersey S1943), or the use of automated decision-making in employment or hiring decisions (Illinois HB 0053, New York A7244).

At a high level, each of these bills shares similar characteristics. Each proposes general definitions and general solutions that cover specific, complex tools used in areas as varied as traffic forecasting and employment screening. But the bills are not consistent with regard to requirements and obligations. For example, among the bills that would require impact assessments, some require impact assessments universally for all ADS in use by government agencies, while others would require impact assessments only for specifically risky uses of ADS.





Because I was an Auditor for lots of years and did build some automated audit tools.

https://www.cpomagazine.com/cyber-security/compliance-made-easy-how-to-improve-your-risk-posture-with-automated-audits/

Compliance Made Easy: How To Improve Your Risk Posture With Automated Audits

Compliance standards come in many different shapes and sizes. Some organizations set their own internal policies, while others are subject to regimented global frameworks such as PCI DSS, which protects customers’ card payment details; SOX to safeguard financial information or HIPAA, which protects patients’ healthcare data.

Regardless of which industry you operate in, regular auditing is key to ensuring your business retains its risk posture whilst also remaining compliant. The problem is that running manual risk and security audits can be a long, drawn-out, and tedious affair. A 2020 report from Coalfire and Omdia found that for the majority of organizations, growing compliance obligations are now consuming 40% or more of IT security budgets and threaten to become an unsustainable cost.

The report suggests two reasons for this growing compliance burden. First, compliance standards are changing from point-in-time reviews to continuous, outcome-based requirements. Second, the ongoing cyber-skills shortage is stretching organizations’ abilities to keep up with compliance requirements. This means businesses tend to leave them until the last moment, leading to a rushed audit that isn’t as thorough as it could be, putting your business at increased risk of a penalty fine or, worse, a data breach that could jeopardize the entire organization.





Narrow market, large fine.

https://techcrunch.com/2021/05/13/google-hit-with-123m-antitrust-fine-in-italy-over-android-auto/?guccounter=1

Google hit with $123M antitrust fine in Italy over Android Auto

Google has been fined just over €100 million (~$123M) by Italy’s antitrust watchdog for abuse of a dominant market position.

The case relates to Android Auto, a modified version of Google’s mobile OS intended for in-car use, and specifically to how Google restricted access to the platform to an electric car charging app, called JuicePass, made by energy company Enel X Italia.





Keep learning!

https://www.businessinsider.com/linkedin-learning-popular-free-online-classes-2021

These 10 LinkedIn Learning classes teach the most in-demand skills companies are looking for — and the courses are free until the end of May

To help gain some insight into what to focus on, LinkedIn just released the top five trending skills based on LinkedIn Learning data from LinkedIn's top 50 companies.

Additionally, LinkedIn made some of its LinkedIn Learning courses to learn these skills completely free through May 31. That means that you can earn a certificate of completion to add to your LinkedIn profile so long as you're signed into LinkedIn and finish the courses before the end of May.


