Tom Gann – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Wed, 18 Sep 2019 17:29:37 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Tom Gann – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Important Updates to DHS’s CDM Program Help Ensure Programs Effectiveness https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/important-updates-to-dhss-cdm-program-help-ensure-programs-effectiveness/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/important-updates-to-dhss-cdm-program-help-ensure-programs-effectiveness/#respond Thu, 19 Sep 2019 15:00:31 +0000 https://securingtomorrow.mcafee.com/?p=96757

The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is a key component of the federal government’s cybersecurity posture. This important program provides real-time, continuous monitoring of federal networks while also auditing networks for unauthorized changes. While the CDM program has been a boon to the security of many civilian agencies, there […]

The post Important Updates to DHS’s CDM Program Help Ensure Programs Effectiveness appeared first on McAfee Blogs.

]]>

The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is a key component of the federal government’s cybersecurity posture. This important program provides real-time, continuous monitoring of federal networks while also auditing networks for unauthorized changes.

While the CDM program has been a boon to the security of many civilian agencies, there are opportunities to make it even stronger, and recent legislation introduced in both the House and Senate is vital to the continued success of the program. Just this month, Reps. John Ratcliffe (R-TX) and Ro Khanna (D-CA) introduced the Advanced Cybersecurity Diagnostics and Mitigation Act, which codifies the CDM program and encourages further innovation that will improve the federal government’s cyber readiness for years to come,  helping prevent cyberattacks and intrusions by bad actors.

In addition to officially codifying the program, this bill includes other important requirements that will keep CDM up to date and effective, including:

  • The deployment of new CDM technologies
  • The availability of CDM capabilities for civilian departments and agencies, as well as state and local governments
  • A mandate that DHS develop a strategy to ensure CDM is constantly preparing for the changing cyber threat landscape

Perhaps most importantly, this bill puts a new focus on continuous monitoring as a capability that tools federal agencies use every day should have. This key focus is critical to enabling the federal government to better handle and respond to cyberattacks and other intrusions. While preventing these types of attacks is always the priority, Congress must also equip the federal government with the tools they need to properly handle the worst-case scenario: an attack that impacts the government’s ability to function or one that puts sensitive information at risk.

At McAfee, we’re working every day to help federal, state and local governments better prepare for the threats of today and tomorrow, both on-premises and in cloud and multi-cloud environments. CDM is an ideal vehicle for agencies to use cloud to secure and protect citizen data, provide modernized services and more. Indeed, moving applications and infrastructure to the cloud is one of the innovations CDM should encourage.

Reps. Ratcliffe and Khanna’s bill is identical to its Senate counterpart (S.2318), introduced earlier this summer by Senators John Cornyn (R-TX) and Maggie Hassan (D-NH). These two bills go a long way to building on CDM with important new language that focuses on the innovation companies like McAfee invest in every day to better secure the nation’s cybersecurity posture to better tackle the onslaught of cyber threats facing us every day. We look forward to continuing to work with leaders in Congress to tackle these important issues and to constantly improve CDM.

The post Important Updates to DHS’s CDM Program Help Ensure Programs Effectiveness appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/important-updates-to-dhss-cdm-program-help-ensure-programs-effectiveness/feed/ 0
Modernizing FedRAMP is Essential to Enhanced Cloud Security https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/modernizing-fedramp-is-essential-to-enhanced-cloud-security/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/modernizing-fedramp-is-essential-to-enhanced-cloud-security/#respond Tue, 10 Sep 2019 15:07:01 +0000 https://securingtomorrow.mcafee.com/?p=96605

According to an analysis by McAfee’s cloud division, log data tracking the activities of some 200,000 government workers in the United States and Canada, show that the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages. The use of unauthorized applications creates severe security […]

The post Modernizing FedRAMP is Essential to Enhanced Cloud Security appeared first on McAfee Blogs.

]]>

According to an analysis by McAfee’s cloud division, log data tracking the activities of some 200,000 government workers in the United States and Canada, show that the average agency uses 742 cloud services, on the order of 10 to 20 times more than the IT department manages. The use of unauthorized applications creates severe security risks, often resulting simply from employees trying to do their work more efficiently.

By category, collaboration tools like Office 365 or Gmail are the most commonly used cloud applications, according to McAfee’s analysis, with the average organization running 120 such services. Cloud-based software development services such as GitHub and Source Forge are a distant second, followed by content-sharing services. The average government employee runs 16.8 cloud services, according to the 2019 Cloud Adoption and Risk Report. Lack of awareness creates a Shadow IT problem that needs to be addressed.  One of the challenges is that not all storage or collaboration services are created equally, and users, without guidance from the CIO, might opt for an application that has comparatively lax security controls, claims ownership of users’ data, or one that might be hosted in a country that the government has placed trade sanctions on.

To help address the growing challenge of security gaps in IT cloud environments, Congressmen Gerry Connolly (D-VA), Chairman of the House Oversight and Reform Committee’s Government Operations Subcommittee, and Mark Meadows (R-NC), Ranking Member of the Government Operations Subcommittee, recently introduced the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act (H.R. 3941). The legislation would codify FedRAMP – the program that governs how cloud security solutions are deployed within the federal government, address agency compliance issues, provide funding for the FedRAMP Project Management Office (PMO) and more. The FedRAMP Authorization Act would help protect single clouds as well as the spaces between and among clouds. Since cloud services are becoming easier targets for hackers, McAfee commends these legislators for taking this important step to modernize the FedRAMP program.

FedRAMP provides a standardized approach to security assessment and monitoring for cloud products and services that agency officials use to make critical risk-based decisions. Cloud solutions act as gatekeepers, allowing agencies to extend the reach of their cloud policies beyond their current network infrastructure. To monitor data authentication and protection within the cloud, cloud access security brokers, or CASBs, allow organizations deeper visibility into their cloud security solutions. In today’s cybersecurity market, there are many cloud security vendors, and organizations therefore have many solutions from which to choose to enable them to secure their cloud environments.  McAfee’s CASB, MVISION Cloud, helps ensure that broad technology acquisitions maintain or exceed the levels of security outlined in the FedRAMP baselines.

McAfee supports the FedRAMP Authorization Act, which would bring FedRAMP back to its original purpose by providing funding for federal migration and mandating the reuse of authorizations. FedRAMP must be modernized to best serve government agencies and IT companies. We look forward to working with our partners in Congress to move this legislation forward. Additionally, we have seen that agencies overuse waivers to green light technology that sacrifices security for expediency.  We must find a better way to thread this needle and ensure that broad technology acquisitions maintain or exceed the levels of security outlined in the FedRAMP baselines as this bill works its way through the legislative process and finds its way to the President’s desk for signature into law.

The post Modernizing FedRAMP is Essential to Enhanced Cloud Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/modernizing-fedramp-is-essential-to-enhanced-cloud-security/feed/ 0
House Actions on Election Security Bode Well for 2020 https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/house-actions-on-election-security-bode-well-for-2020/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/house-actions-on-election-security-bode-well-for-2020/#respond Tue, 09 Jul 2019 15:00:52 +0000 https://securingtomorrow.mcafee.com/?p=95799

As a U.S. cybersecurity company, McAfee supports legislation that aims to safeguard U.S. election security. After the 2016 election, McAfee sees the importance of improving and preserving election security; we even offered free security tools to local election boards prior to the 2018 elections and released educational research on how localities can best protect themselves […]

The post House Actions on Election Security Bode Well for 2020 appeared first on McAfee Blogs.

]]>

As a U.S. cybersecurity company, McAfee supports legislation that aims to safeguard U.S. election security. After the 2016 election, McAfee sees the importance of improving and preserving election security; we even offered free security tools to local election boards prior to the 2018 elections and released educational research on how localities can best protect themselves in future elections. As the 2020 primary elections quickly approach, it is more important than ever that the federal government takes steps to ensure our election infrastructure is secure and that states and localities have the resources they need to quickly upgrade and secure systems.

The U.S. House of Representatives recently passed H.R. 2722, the Securing America’s Federal Elections (SAFE) Act, legislation introduced by Rep. Zoe Lofgren (D-CA) that would allocate $600 million for states to secure critical election infrastructure. The bill would require cybersecurity safeguards for hardware and software used in elections, prevent the use of wireless communication devices in election systems and require electronic voting machines to be manufactured in the United States. The SAFE Act is a key step to ensuring election security and integrity in the upcoming 2020 election.

Earlier this year, the House also passed H.R. 1, the For the People Act. During a House Homeland Security Committee hearing prior to the bill’s passage, the committee showed commitment to improving the efficiency of election audits and continuing to incentivize the patching of election systems in preparation for the 2020 elections. H.R. 1 and the SAFE Act demonstrate the government’s prioritization of combating election interference. It is exciting to see the House recognize the issue of election security, as it is a multifaceted process and a vital one to our nation’s democracy.

McAfee applauds the House for keeping its focus on election security and prioritizing the allocation of resources to states. We hope that Senate leadership will take up meaningful, comprehensive election security legislation so our country can fully prepare for a secure 2020 election.

The post House Actions on Election Security Bode Well for 2020 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/house-actions-on-election-security-bode-well-for-2020/feed/ 0
Why Data Security Is Important https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-data-security-is-important/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-data-security-is-important/#respond Wed, 01 May 2019 15:00:09 +0000 https://securingtomorrow.mcafee.com/?p=95090

The Increasing Regulatory Focus on Privacy The ongoing trend of data breaches and the increasing privacy risks associated with social media continue to be a national and international concern. These issues have prompted regulators to seriously explore the need for new and stronger regulations to protect consumer privacy. Some of the regulatory solutions focus on […]

The post Why Data Security Is Important appeared first on McAfee Blogs.

]]>

The Increasing Regulatory Focus on Privacy

The ongoing trend of data breaches and the increasing privacy risks associated with social media continue to be a national and international concern. These issues have prompted regulators to seriously explore the need for new and stronger regulations to protect consumer privacy. Some of the regulatory solutions focus on U.S. federal-level breach and privacy laws, while individual U.S. states are also looking to strengthen and broaden their privacy laws.

The focus on stronger consumer privacy has already sparked new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). Many customers of U.S. companies are covered by GDPR’s broad privacy protections, which protects the rights of residents of the European Economic Area. As U.S. states increasingly pass their own privacy laws, the legal environment is becoming more fragmented and complex. This has led to an increased focus on potentially creating a U.S. federal privacy law, perhaps along the lines of the GDPR or otherwise protecting individuals’ information more broadly than the sectoral laws now in place. Although it is not clear whether effective national legislation will pass in the immediate future, the continued focus on regulatory solutions to strengthen consumer data privacy appears certain.

Privacy is Important to McAfee

For technology to be effective, individuals and corporations must be able to trust it. McAfee believes that trust in the integrity of systems – whether a corporate firewall or a child’s cell phone – is essential to enabling people to get the most possible out of their technologies. Fundamental to that trust is privacy and the protection of data. McAfee is committed to enabling the protection of customer, consumer and employee data by providing robust security solutions.

Why Privacy Matters to McAfee
  • Protecting our customers’ personal data and intellectual property, and their consumer and corporate products, is a core value.
  • Robust Privacy and Security solutions are fundamental to McAfee’s strategic vision, products, services and technology solutions.
  • Privacy and Security solutions enable our corporate and government customers to more efficiently and effectively comply with applicable regulatory requirements.
  • McAfee believes privacy and security are necessary prerequisites for individuals to have trust in the use of technology.

Effective Consumer Privacy Also Requires Data Security

Today, electronic systems are commonly used by government, business and consumers. There are many types of electronic systems and connected devices used for a variety of beneficial purposes and entertainment. The use of data is a common element across these systems, some of which may be confidential information, personal data and or sensitive data.

A reliable electronic system must have adequate security to protect the data the system is entrusted to process and use. Data leaks and security breaches threaten the ability of customers to trust businesses and their products. Flawed or inadequate data security to provide robust data protection puts consumers’ privacy at risk.

Too often, privacy and information security are thought of as separate and potentially opposing concerns. However, there are large areas of interdependency between these two important policy areas. Privacy and information security must work in harmony and support each other to achieve the goal of consumer privacy. Privacy requires that consumers have the capacity to decide what data about them is collected and processed, and the data must have safeguards driven by appropriately secure technologies and processes.

Data security is the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Privacy is an individual’s right or desire to be left alone and or to have the ability to control her own data. Data security also enables the effective implementation of protective digital privacy measures to prevent unauthorized access to computers, databases and websites. Data security and privacy must be aligned to effectively implement consumer privacy protections.

An effective risk-based privacy and security framework should apply to all collection of personal data. This does not mean that all frameworks solutions are equal. The risks of collection and processing the personal data must be weighed against the benefits of using the data. Transparency, choice and reasonable notice should always be a part of the way data is collected. The specific solutions of a framework may vary based on the risk and specific types of data. The key is to have in place a proactive evaluation (Privacy and Security by Design principles) to provide the most effective protection for the specific application and data use.

Examples Where Privacy Regulations Require or Enable Robust Data Security

Breach Notification Safe Harbor for Encrypted Data in U.S. State Privacy Laws

Data breach notification laws require organizations to notify affected persons or regulatory authorities when an unauthorized acquisition of personal data occurs as defined by the applicable law or regulation. Many U.S. state laws provide a “safe harbor” for data breach notice obligations if the data was encrypted. A safe harbor may be defined as a “provision of a statute or a regulation that reduces or eliminates a party’s liability under the law, on the condition that the party performed its actions in good faith or in compliance with defined standards.”

Security safe harbor provisions may be used to encourage entities and organizations to proactively protect sensitive or restricted data by employing good security practices. Encrypting data may protect the organization from costly public breach notifications.  Encrypted data may be excluded from breach requirements or unauthorized access to encrypted data may not be considered a “breach” as defined in the statute. To be protected by an encryption “safe harbor” exemption, the breached organization must encrypt data in compliance with the state statute. The state-specific statutes may also require control of the encryption keys to claim safe harbor.

GDPR Security Requirements

The General Data Protection Regulation (GDPR) went into effect in the European Economic Area (EEA) in 2018, enhancing further the privacy rights of residents of the EEA.  In addition to allowing EEA residents access to personal data collected about them, the GDPR requires companies interacting with this data to perform risk analyses to determine how to secure the data appropriately.  The GDPR lays out basic security requirements in Article 32, GDPR Security of processing, which requires entities to “ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.”

Controllers of personal data must also have appropriate technical and organizational measures to satisfy the GDPR. Business processes that handle personal data must be designed and implemented to meet the GDPR security principles and to provide adequate safeguards to protect personal data.

Implementing a robust security framework to meet the GDPR requirements means the organization should proactively evaluate its data security policies, business practices and security technologies, and the organization must develop security strategies that adequately protect personal data.

Next Steps:

Federal policymakers need to pass uniform privacy legislation into law. A key part of this effort must include sufficiently strong cybersecurity provisions, which are imperative to protecting data, as evidenced by GDPR and thoughtful state breach notification laws. Instead of relying on hard regulations to incent organizations to implement strong security, policymakers should include a liability incentive – a rebuttable presumption or a safe harbor – in privacy legislation. Such an approach, ideally aligned to NIST’s flexible Cybersecurity Framework, would enable policy makers to promote the adoption of strong security measures without resorting to a “check the box” compliance model that has the potential to burden customers and discourage innovation in cyber security markets.

The post Why Data Security Is Important appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/why-data-security-is-important/feed/ 0
Federal, State Cyber Resiliency Requires Action https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/#respond Tue, 16 Apr 2019 15:00:42 +0000 https://securingtomorrow.mcafee.com/?p=94907

It is no shock that our state and local infrastructures are some of the most sought-after targets for foreign and malicious cyber attackers, but the real surprise lies in the lack of preventive measures that are able to curb them. Major attention has been drawn to the critical gaps that exist as a result of […]

The post Federal, State Cyber Resiliency Requires Action appeared first on McAfee Blogs.

]]>

It is no shock that our state and local infrastructures are some of the most sought-after targets for foreign and malicious cyber attackers, but the real surprise lies in the lack of preventive measures that are able to curb them. Major attention has been drawn to the critical gaps that exist as a result of an ever-expanding attack surface, making old system architectures an increasing liability.

Recently, the city of Albany, New York became a victim of a ruthless ransomware attack, which created a series of municipal service interruptions. Residents weren’t able to use the city’s services to obtain birth certificates, death certificates or marriage licenses, and the police department’s networks were rendered inoperable for an entire day. This resulted in an enormous disruption of the city’s functionality and made clear that the threat to infrastructure is more real than ever. Bolstering state and local digital defenses should be of the utmost priority, especially as we near the 2020 presidential elections when further attacks on election infrastructure are expected. We must take the necessary precautions to mitigate cyberattack risk.

The reintroduction of the State Cyber Resiliency Act by Senators Mark Warner (D-VA) and Cory Gardner (R-CO), and Representatives Derek Kilmer (D-WA) and Michael McCaul (R-TX), does just that. The legislation demonstrates a critical bipartisan effort to ensure that state, local and tribal governments have a robust capacity to strengthen their defenses against cybersecurity threats and vulnerabilities through the Department of Homeland Security (DHS). States have made clear that they suffer from inadequate resources to deal with increasingly sophisticated attacks, but also the most basic attacks, which require proper safeguards and baseline protection. This bill works to strategically address the challenges posed by a lack of resources to deal with emerging threats.

The possibility of cyber warfare must not be taken lightly and has long gone ignored. This bill shows that the status quo of kicking the can further down the road will no longer stand as a “strategy” in today’s political and cybersecurity landscape. Action is necessary to better secure our national security and the systems upon which every sector of our economy relies, from utilities to banking to emergency first responders to hospital networks to election infrastructure. It is our responsibility to create and support the safeguards against bad actors looking for gaps in our infrastructure.

The bill makes states eligible for grants to implement comprehensive, flexible cybersecurity plans that address continuous vulnerability monitoring, protection for critical infrastructure systems and a resilient cybersecurity workforce. States would also be able to repurpose funds to various local and tribal governments. In addition, the bill would implement a 15-person committee to review the proposed plans and track the spending of state and local governments. This committee would help states and localities formulate and deliver annual reports to Congress that detail the program’s progress. The specific funding was not disclosed, but this effort showcases the timeliness of the issue and why it is such an imperative step at this stage in time.

We must take basic steps to ensure the security of our state and local systems, and enable systems to be patched, maintained and protected from outside threats. This bill is a welcomed and needed effort by lawmakers to address the existing challenges states and local governments and infrastructures are dealing with every day.  As adversaries become increasingly sophisticated and targeted in their attack strategies, we have a responsibility to best equip states and localities with the necessary tools to close gaps and mitigate gaps.

We at McAfee are committed to partnering with federal, state and local governments to equip them with the best strategies to create a better and more secure cybersecurity future.

The post Federal, State Cyber Resiliency Requires Action appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/feed/ 0
Step Up on Emerging Technology, or Risk Falling Behind https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/#respond Fri, 18 Jan 2019 22:00:30 +0000 https://securingtomorrow.mcafee.com/?p=93885

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in […]

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in the global market while supporting the development of emerging technology (read comments submitted by McAfee here).

Emerging technology poses an interesting challenge for tech companies and federal regulators alike. In many cases, technologies that BIS designates as “emerging,” such as AI and machine learning, are already in widespread use around the world. Other technologies like quantum computing are very much in the research and development phase but have the potential to alter the course of national security for decades to come. Many of these technologies are difficult to define and control, and many are software-based, which greatly complicates the development of regulation. Software technologies, by their very nature, are fundamentally different from physical items and physical process technologies. Their intangible, readily-reproducible character makes software-based technologies inherently difficult to define and control.

This task is enormous and must be handled cautiously, as history has provided countless examples of how overregulation has the capability to hamper development. A poignant example of overregulation at the cost of progress is the automobile industry. According to Deloitte, although tough restrictions on automobiles were nothing but well-intentioned in the late 1800’s, regulation greatly hampered research and advancement. The early days of the automobile industry should serve as a cautionary tale when it comes to regulating new and innovative technology.

The U.S. is in a unique position to act to protect our technological interest and secure the nation’s position as a global leader. The U.S. secured a pivotal tech leadership role, having spearheaded the development of the internet in the early 1990’s. The nation has immense power and potential to take the mantle on emerging technology, and the stakes are high. Some of the country’s greatest accomplishments have stemmed from empowering the private sector and encouraging innovation. For example, tremendous strides in private sector space exploration have been made possible due to the support and administration of empowering legislation. Companies like SpaceX and Boeing are creating next generation space technology, working each day to ensure that the U.S. maintains competitiveness.

Cybersecurity is another area that requires particular attention. Given the global availability of cybersecurity tools, many of which make use of the emerging technologies under review, McAfee understands that great care needs to be taken by our government before imposing additional export controls on American cyber companies. These rules can have the unintended and harmful consequence of stunting the growth and technical capabilities of the very companies that currently protect vital U.S. critical infrastructure, including federal and state government infrastructure, from cyber-attacks. As a leading nation, it is critical to stay ahead of threats by criminal actors. This is only possible if cyber companies have the ability to access global markets to fund the research and development needed to keep pace with rapid innovation. Controls should be implemented with a great understanding of the need to stay competitive in global innovation, particularly when it comes to cybersecurity.

Overregulation could cause great harm, and the U.S. government must tread carefully in administering a carefully-crafted, targeted approach. Rather than burdening U.S. software companies with new and substantial export control compliance costs, the U.S. should seek to empower these companies. Any controls deemed essential by the government should be as narrowly tailored as possible, especially given the broad range of current and future companies and technologies. A multilateral approach to export controls on emerging technologies is vital for U.S. companies to remain innovative and competitive in the global marketplace. This cautious approach would ensure alignment between the private and public sectors, ultimately allowing for emerging technology to be front and center. Providing an ecosystem in which the technology of tomorrow can flourish is essential to the U.S. continuing to blaze the trail on emerging technologies.

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/feed/ 0
New DHS Agency Will Provide Needed Emphasis on Cybersecurity https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/#respond Mon, 03 Dec 2018 14:00:54 +0000 https://securingtomorrow.mcafee.com/?p=92843

Cybersecurity is playing an increasingly greater role in our government and economy. As our world becomes more interconnected, the cyberthreat landscape is growing and rapidly evolving. To address both physical threats and cyberthreats, the leading federal agency must have the flexibility and resources to quickly mitigate any potential interruptions or harm. Last week, a critical […]

The post New DHS Agency Will Provide Needed Emphasis on Cybersecurity appeared first on McAfee Blogs.

]]>

Cybersecurity is playing an increasingly greater role in our government and economy. As our world becomes more interconnected, the cyberthreat landscape is growing and rapidly evolving. To address both physical threats and cyberthreats, the leading federal agency must have the flexibility and resources to quickly mitigate any potential interruptions or harm.

Last week, a critical step was taken in how the Department of Homeland Security (DHS) manages cybersecurity. The long-awaited Cybersecurity and Infrastructure Security Agency (CISA) Act was signed into law by the president, reorganizing the former National Protection and Programs Directorate (NPPD) into CISA. The permanent establishment of a stand-alone federal agency equipped to deal with cyberthreats is long overdue and welcome among the cybersecurity community.

CISA will be its own department within DHS, similar to the Transportation Security Administration (TSA), and will be led by cybersecurity expert, NPPD Under Secretary Christopher C. Krebs, who has had a distinguished career in both the public and private sectors. Establishing CISA as a stand-alone agency within DHS elevates both the mission of cybersecurity in the federal government and cybersecurity’s importance and solidifies the position of cybersecurity in our economy.

This is a smart decision on the part of Congress and the White House. It will help the newly created agency outline its priorities, advocate for a separate budget, and further develop recruitment efforts. CISA’s leaders will have the ability to continue to drive a culture of cybersecurity within our federal agencies and workforce while enhancing their capabilities to partner with the private sector to address our nation’s most critical cybersecurity threats.

McAfee looks forward to continuing to work with Christopher C. Krebs and his able team, led by CISA Assistant Director for Cybersecurity Jeanette Manfra.

 

The post New DHS Agency Will Provide Needed Emphasis on Cybersecurity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/new-dhs-agency-will-provide-needed-emphasis-on-cybersecurity/feed/ 0
Securing the Social Security Number to Protect U.S. Citizens https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/ https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/#respond Wed, 10 Oct 2018 13:01:19 +0000 https://securingtomorrow.mcafee.com/?p=91724 With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. […]

The post Securing the Social Security Number to Protect U.S. Citizens appeared first on McAfee Blogs.

]]>
With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. The SSN has become a common identifier in the U.S. and is now integrated into many identification processes across different institutions.

The SSN is also the gateway to all sorts of other personal information – health records, financial positions, employment records, and a host of other purposes for which the SSN was never designed but has come to fulfill. What do all these pieces of information have in common? They are meant to be private.

Unfortunately, the unforeseen overreliance on the SSN as an identifier has left citizens’ identities vulnerable. The reality is that the SSN can easily be stolen and misused. It is a low-risk, high-reward target for cybercriminals that is used for fraudulent activities and also sold in bulk on the cybercrime black market. This has resulted in major privacy and security vulnerabilities for Americans, with some estimates saying that between 60 percent and 80 percent of all SSNs have been stolen. For example, Equifax and OPM breaches exposed probably millions of SSNs.

This is not a new problem.

Twenty-five years ago, computer scientists voiced concerns about sharing a single piece of permanent information as a means of proving a person’s identity. The issue has only recently gained national attention due to major breaches where cyber criminals were able to access millions of consumers’ personal online information. So, why hasn’t there been any significant measure put in place to safeguard digital identities?

A major reason for a lack of action on this issue has been a lack of incentives or forcing functions to change the way identity transactions work. But it’s time for policymakers to modernize the systems and methods that identify citizens and enable citizens to prove their identity with minimal risk of impersonation and without overtly compromising privacy.

The good news is that the U.S. has the technology pieces to put in place a high-quality and high security identity solution for U.S. citizens.

There are reasonable and near-term steps we can take to modernize and protect the Social Security Number to create better privacy and security in identification practices. McAfee and The Center for Strategic and International Studies (CSIS) recently released a study on Modernizing the Social Security Number with the aim of turning the Social Security Number into a secure and private foundation for digital credentials. The report’s ultimate recommendation is to replace the traditional paper Social Security card with a smart card — a plastic card with an embedded chip, like the credit cards that most people now carry. Having a smart card rather than a paper issued SSN would make the SSN less vulnerable to misuse.

A smart card is a viable solution that already has the infrastructure in place to support it. However, there are other potential solutions that must not be overlooked, such as biometrics. Biometrics measure personal features such as voice, fingerprint, iris and hand motions. Integrating biometrics into a system that relies on two-factor authentication would provide a security and privacy threshold that would make it very difficult for cybercriminals to replicate.

What is most critical, however, is that action is taken. This is an issue that deserves immediate attention and action. Every day this matter remains unresolved is another day cyber criminals continue their efforts to compromise consumer data in order to impersonate those whose data has been breached.

With the Social Security Number serving as the ultimate identifier, isn’t it time that we modernize it to address today’s evolving privacy vulnerabilities? Modernizing the SSN will help with authentication, will provide more security, and will help safeguard individual privacy. Modernizing the SSN must be a high priority for our policymakers.

The post Securing the Social Security Number to Protect U.S. Citizens appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/modernizing-the-social-security-number/feed/ 0
Insider Threats Deserve Attention, Solutions in Government: Report https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/ https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/#respond Thu, 25 Jun 2015 17:48:48 +0000 https://blogs.mcafee.com/?p=44149 As the persistence of insider threats remain a critical issue for government agencies to face. Security leaders like McAfee  have responded by prioritizing solutions that can mitigate insider threats in their pipeline. Government agencies have begun implementing policy changes that can help reduce the risk of an insider threat that can lead to critical data […]

The post Insider Threats Deserve Attention, Solutions in Government: Report appeared first on McAfee Blogs.

]]>
As the persistence of insider threats remain a critical issue for government agencies to face. Security leaders like McAfee  have responded by prioritizing solutions that can mitigate insider threats in their pipeline. Government agencies have begun implementing policy changes that can help reduce the risk of an insider threat that can lead to critical data loss. Still as a recent report shows, there’s work to be done.

The report, which was released by GAO this month, finds that even DoD, which has an overall superior security posture to some of the other agencies, still needs to do more to protect itself against insider threats. The report finds that while some DoD divisions have implemented effective training for insider threat risks, other areas have not. Furthermore, the report found that no agency-wide solution to unauthorized data disclosures yet exists.

So what can agencies like DoD do to close the gaps that remain? McAfee solutions like McAfee Data Loss Prevention (DLP), implemented in a DoD enterprise environment, may hold the key. DLP enforces per-user policy on access to sensitive data and allows IP protection and data encryption/decryption to be centrally managed from McAfee endpoint management solution – ePO. Combined with a Next-Generation Firewall that can identify and detect discrete data packets entering or exiting a network, DLP has the potential to completely shut out any insider threat, even in an organization as large as DoD.

Insider threat isn’t purely a technology or policy problem, and will require a solution with elements of both. We commend GAO for their comprehensive report on this very serious issue. But this report has also paved a way toward solutions that may help agencies reduce this critical threat someday soon. The report is a vital read for any technology or security practitioner in government

To read the full report, click here.

 

The post Insider Threats Deserve Attention, Solutions in Government: Report appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/insider-threats-deserve-attention-solutions-government-report/feed/ 0