Cybersecurity & Tech

+1 Country CyrptoCurrency

Add Sweden to the list of countries pursuing a national crypto currency.

How will the e-Krona, cyrptocurrency pilot work?

• users will be able to hold e-kronor in a digital wallet
• send or receive payments
• make deposits or withdrawals using their mobile phones
• transactions will also be possible via wearables like smart watches, as well as bank cards

What is the country’s goal? create a longer-lasting electronic payment system that is safe and efficient

When did the country begin work on the e-Krona? 2017

Will Sweden’s national bank work with national banks in other countries? yes, the national banks of Britain, the Eurozone, Japan, and Switzerland

Micky | Sweden pilots central bank digital currency e-krona as cash declines

CryptoPotato | Sweden’s Central Bank To Begin Testing National Cryptocurrency

+1 State Blockchain Legislation

Where: New Jersey

What: A 2891 (2020 | NJ)

What playing field does A2891 want for blockchain?

• licensure requirements for virtual currency businesses
• consumer protections for cryptocurrency
• regulatory authority under the Department of Banking and Insurance 

Supporters of this bill: Blockchain Association of New Jersey

Insider NJ | Lopez Introduces Bill to Create Consumer-Friendly Protections and Regulations in Virtual Currency Industry

Business TREND. Public Private CyberSecurity Center

Who: Mastercard

Where: European Union

What: The European Cyber Resilience Centre

The goal: affiliation between public, private and regulatory sectors to support enterprise resilience

Mastercard’s partners in the public private project:

• national cyber intelligence centers
• industry groups
• law enforcement agencies
• central banks across Europe – ECRB, ECCFI, Europol, FS-ISAC, INTERPOL, NBB and the U.K.’s NCA and NCSC

PYMTNS | Mastercard Introduces European Cybersecurity Center

Right to be Forgotten Act

Where: Iowa

What is the Right to be Forgotten Act? Senate File 2236 (2020 | IA) would allow people to have information removed from “the internet”

What 3 types of information could not be removed from the internet:

• criminal convictions
• litigation relating to a violent crime
• matters of significant public interest

How long would an internet operator have to remove content? 30 days

The Gazette | Bill Could Make Your Cringey High School Posts Disappear

PROCUREMENT. Artificial Intelligence to Review State Regulations

The machines have arrived in OHIO to unleash artificial intelligence (AI) on state regulations.

What’s the Republican goal of AI review of state regulations?

• streamline state regulations
• eliminating redundant permitting requirements

The project names: Common Sense Initiative & InnovateOhio

The leader of the projects: Ohio’s Lt. Governor Husted

The procurement: Up to $1.2 million for a private company to develop the AI tools

The Plain Dealer via Governing | Ohio to Analyze State Regulations with Artificial Intelligence

TX Attorney General Opinion. Cyber Training + Appraisal Boards

The Opinion request: RQ-0332-KP

The requestor: Hill County Attorney

The Question to be answered: Whether the board of directors of appraisal districts are considered “employees” or “elected officials” for purposes of cybersecurity training under Government Code Section 2054.5191(a-1). 

Why is this a question? Appraisal board directors are elected by taxing jurisdictions, technically speaking, but are appointed. Could the legislation have intended to skip over appointees?

Lege TREND. Subpoena Power over ISPs

What: S.3045 – Cybersecurity Vulnerability Identification and Notification Act of 2019 (2020 | 116th Congress)

The goal: compel ISPs to share details of vulnerable entities with the Cybersecurity and Infrastructure Security Agency

The concerns:

• Privacy
• Police powers that could kick in when ISP details are shared

NextGov | CISA Director Makes Case for Subpoena Power over Internet Service Providers

Lege TREND. Voluntary Registry for Private Security Cameras to Aid Law Enforcement

Where: Baltimore County, Md

How will the registry operate? voluntary private security camera registry for property owners with devices pointed toward a public right-of-way

What’s the purpose of the registry? to map private security cameras to give law enforcement prompt access to footage while investigating crimes

What’s the incentive for citizens? the county will waive alarm permitting fees for new alarm system installations

Baltimore Sun | Governing | County Might Use Private Cameras to Improve Public Safety

Local Regulations Respond to 5G

Where: Costa Mesa, CA

What issues did Costa Mesa address in their 5G regulations? potential health risks of 5G technology

How were the city ordinances tweaked?

• Distance requirements for small wireless communication facilities — e.g. small boxes on street poles
  • must be 750 feet from other communication facilities of the same company
  • within 250 feet of other companies boxes
  • even closer in non-residential areas
• Resident Notification. Created an opt-in for residents to receive an email every time a wireless provider applies to install a new small cell box, or any time a provider asks to swap out 4G technology for 5G

Governing | City Council Responds to Community, Adjusts 5G Regulations

Ransomware Hits Campaign Search Engine

What: a broadcast television search engine used by political campaigns to monitor opponents & track ads was hit by ransomware

Data that may have been accessed: Campaign data including email addresses of candidates

What is the campaign concern: campaign data is sold or used for political advantage

CNET | Ransomware hits TV search engine popular among political campaigns

More Legislation to Regulate Internet of Things (IoT)

Where: UK

What regulations are being proposed to regulate IoT? Consultation on regulatory proposals on consumer IoT security

Key regulations:

• Secure Passwords. All IoT device passwords must be unique & not resettable to any universal factory setting
• Public Contact & Internal Investigation. Manufacturers of IoT devices must provide a public point of contact to report a vulnerability that will be acted on in a timely manner
• Security Update Timeline. Manufacturers of IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online

Fast Mode | UK Gov Announces New IoT Cyber Security Laws for Smart Devices

What Construction Contractors Need to Know about Cyber Insurance

What type of contractors are we talking about? Associated General Contractors of Washington

3 ways cyber insurance coverage helps the construction industry:

• ensure protection for corporate confidential information, such as under a non-disclosure agreement
• 30% of all cyber-related claims are ransomware attacks that can lead to a shutdown of a contractor’s computer network
  • ensure coverage for any data loss
• more often contracts require cyber security protections

Daily Journal of Commerce | Are you insured against cyberattacks? Here’s what contractors need to know

+1 State Registration of Data Brokers

What state is considering registration for data brokers? Washington

The legislation: By a Republican HB 1503 (2020 | WA)

What will this bill do?

• annual registration with the Office of Privacy and Data Protection
• pay a registration fee
• provide information concerning the collection, storing & selling personal information
• require disclosure of opt-out procedures

Washington State Republican House | Rep. Norma Smith introduces package of consumer-focused, online data privacy legislation

Governing | Washington State Legislators Debate over New Privacy Bills

Anatomy of a Bill to Protect Kids Data Privacy

The legislation: HR 5703 (116th Congress)

What would this bill do to protect children?

• ban ads targeted to individual children
• protect children privacy through 18, current laws protect kids to 13
• prohibits companies from requiring a waiver from the law before access to their website or product
• allow kids to opt into tracking and ads
• will impact companies if they SHOULD know that their users are kids

Tampa Bay Times | Governing | When It Comes to Users’ Data Privacy, Don’t Forget the Kids

2019’s Ransomware Average Costs & Numbers

Ransomeware attacks by the numbers:

• up to 25% increase in cyber insurance rates by U.S. insurers
• 6% fewer ransomware incidents in 2019
• average ransom of $41,198 during the 2019 third quarter
•  $98,705.96 in Bitcoin paid by Albany County Airport Authority

Reuters | Insurers look to curb ransomware exposure as U.S. cyber rates rise

$41,198 Numbers in the News | Governing

TRENDING. Crypto Only Casinos. Do your laws & regs address it?

The first crypto only casino popped up in Venezuela.

Where is it located? the Hotel Humboldt in the Ávila National Park

Anything unique about Venezuela? It has a state backed crypto currency, the Petro

Gambling News | Venezuela Will Harbor First Crypto-Only Operating Casino

3 Signs Pointing to Digital Bill of Rights

• National Academy of Public Administration recently identified Ensure Data Security and Individual Privacy as one of its 12 Grand Challenges in Public Administration
• California’s privacy protection legislation is being replicated in other states
• European Union’s General Data Protection Regulation

The Business of Federal Technology FCW | Is it time for a national Digital Bill of Rights?

Business TREND. Linking Your Coffee to the Coffee Bean Farmer with Blockchain.

Who: IBM

How: IBM and Farmer Connect utilized the massive amount of farm and logistics data to link your coffee to a faraway farmer

The app: Thank my farmer

What benefit does this have for the farmer? The app allows the consumer to add extra financial support to the workers growing and picking the beans

Wired | IBM Harnesses Blockchain to Take Apart a Cup of Coffee

Lege TREND. Cybersecurity + Public Education Initiative for Cybersecurity Ready Workforce

Where: North Dakota

How does North Dakota plan on ensuring an educated cyber security workforce? Every student and every school will receive cyber security education

How did it come together? With a partnership called, EduTech, that includes:

• the educational technology arm of the North Dakota Information Technology team
• K-12, higher education
• workforce development
• military
• state government
• industry partners

KFGO | North Dakota’s Cybersecurity Education Initiative

State legislation. Regulating the Sale of Data.

Where? Virginia

What? SB 641 (2020 | VA)

What new regulations are being called for?

• reasonable security measures to protect personal data
• required response to privacy requests
• notification to Virginia residents of data breaches

Husch Blackwell | Analyzing The 2020 Virginia Privacy Act And Sale Of Personal Data Act

Mandating 50 State Cybersecurity Leaders

What? Cybersecurity State Coordinator Act of 2020 by Senators Hassan, Cornyn, Portman, & Peters

Why? States need to be better prepared for ransomware attacks

Who is paying? The feds via  a federally-funded program within  Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency

So are these 50 fed employees? Yes.

What would these federal employees do for each state?

• work with all levels of government to prepare for, prevent, and respond to attacks
• security risk advisor, point-of-contact, and facilitator between federal and non-federal organizations, including state and local governments, schools, and hospitals
• coordinator to raise awareness of the financial, technical, and operational resources non-government entities can receive from the federal government

Decipher | SENATORS PROPOSE CYBERSECURITY COORDINATORS FOR EVERY STATE

Blockchain regulations can also impact these industries:

We all know blockchain & crypto currency are linked, but what else can blockchain do?

• frictionless movement of money, cutting money transfer times
• support billions of transactions at high speed and low cost (like access to a single article behind an annual subscription)

Analytics Magazine | BLOCKCHAIN CAN GROW BEYOND CRYPTOCURRENCY & SOLVE REAL-WORLD PROBLEMS, SAYS RIPPLE MD NAVIN GUPTA

22/01/2020

Value of Health Data Records.

What’s driving up value? Big tech wants to make it easier for you to access your health records

What’s the 2025 estimated value of health care records? $38 billion

What would be the regulatory trend? RECORDS CONSOLIDATION, known often as FHIR and pronounced “fire” — a catchier way of saying Fast Healthcare Interoperability Resources

IS there an existing government project on health care records transferability? Yes, Blue Button,

What companies are involved in Blue button? Microsoft, Google, Amazon, IBM, Oracle and Salesforce

Kaiser Health News | Tech giants like Apple and Google are competing to make it easier for you to get your health records, and it could be a $38 billion market

Local TREND. Initiative to Bring More Women into Tech

Where: Los Angeles County , CA

What: The Women in Tech (WIT) hiring initiative 

Why?

• fix the gender imbalance in tech
• specifically, to mentor and encourage women, 14 – 24, to pursue career paths in government IT work

Does it fit into existing local government initiatives?

Yes,  expands the existing Countywide Youth Bridges Program (CYBP) that “exposes at-risk and disconnected youth to careers within county government through mentorship, workshops and training.”

Government Technology | Hiring Initiative to Try to Rectify Tech’s Gender Imbalance

+1 City Bans Facial Recognition Software

Which city is the latest to ban facial recognition software? Cambridge, MA

Is there parallel state legislation? Yes the Legislature is also considering a ban on facial recognition software

What are the 2 policy issues?

• privacy laws have not caught up with the software
• regulation at the state and federal level of biometric surveillance is nonexistent

Governing | Another One Bites The Dust: Cambridge Bans Facial Recognition

How many states have Chief Data Officers?

28 State have Chief Data Officers, or a similar position

1 state, Alabama, eliminated the Chief Data Officer in 2019

22 states have no Chief Data Officer

The 1st Chief Data Officer was in 2011 when Colorado created the position

New state tech positions on the horizon:  chief analytics officer 

Governing | Chief Data Officers in Place in Over Half of U.S. States

State Bans Facial Recognition Software. Can local governments get a refund?

Where: New York

What local government purchased facial recognition software? Lockport City School District 

What amendment is the local government looking for? Recoupment of costs from the state for pre-purchased facial recognition software

Governing | Trustee Wants School District to Get Refund for Recognition Tech

Lege TREND. Vehicle Tracking Law Enforcement.

Where: Massachusetts 

How was vehicle tracking of law enforcement vehicles enacted? Regulatory Action. The State Department of Public Safety implemented a program to hardwire tracking into vehicles.

What are benefits of tracking law enforcement vehicles?

• Safety. Dispatchers can more readily identify locations to dispatch officers
• Safety of Officers. An officers location can be identified to provide assistance
• Accountability

Governing | State Police Held Accountable with Vehicle Trackers

Internet of Things. Legislative TREND.

California was the first to tackle security standards for internet of things- those connected devices in our lives that collect information about us.

This week, Consumer Reports sent a letter requesting higher data security standards for the internet connected products by:

Abode
ADT / LifeShield
Arlo
August
Blink
Canary
D-Link
Eufy/Anker
Frontpoint
Guardzilla
Honeywell Home
iSmartAlarm
Logitech
Google/Nest
Netvue
Night Owl
Ooma
Remo+
Ring
Samsung SmartThings
Scout
SimpliSafe
TP-Link
Wyze
Zmodo

Consumer Reports | Consumer Reports letter to connected camera manufacturers to call for raising security and privacy standards

5 Disruptive Tech Trends. Bonjour Business Opportunities. Bonjour Regulation.

• Expansion of gig and sharing economies leading to new laws about employees/contractors, fees, taxes, safety
• Plant Based Meat. Tofurky goes mainstream. How do you regulate meat that isn’t meat?
• AI. How many cities and states will ban facial recognition software?
• Tech is Going Political. Tech companies are spending more on representation & are more vocal across the spectrum of issues
• 5G. Requires a lot more towers than 4G. That’s permitting. That’s new regulations. That’s acquiring property.

Medium | Five Disruptive Tech Trends We’re Tracking in 2020

New State Database. New Privacy Issues. New Legislation.

Where: Georgia

What is the new state database? Public Law Enforcement “Use of Force Database” HB 636 (2020 | GA) authored by 6 female legislators

What would Georgia’s HB 636 require?

• require monthly reporting of every use of force against any subject in writing
• require agencies to enter and maintain each use of force incident in a centralized database that is accessible to the public
• required maintenance of a list detailing any and all law enforcement officers who have been disciplined as a result of the use of force

Which law enforcement agencies does it apply to?

• all police departments
• all Sheriff’s Office
• campus law enforcement
• all law enforcement, whether part-time or full-time

Is this new? No, the FBI has a database and the US Attorney’s Office has collected the data for decades

All on Georgia | Bill Would Create Public Law Enforcement ‘Use of Force’ Database

Non-profits & Data Security Rules, Regulations & Laws

How should non-profits handle data?

• Audit current data collection strategies
  • Ask whether they have explicit consent to use certain data points?
  • Determine points of noncompliance and potential remedies
• Third-party testing of security platforms  ensures compliance with GDPR and California standards
• Develop and test internal breach response plans
• Train and Educate staff & volunteers
• Transparency. data collection and processing systems must be fully transparent
• robust security information and event management
  • unify log management
  • detect anomalies
  • threat check assessments
  • backup and recovery systems and next-generation firewalls 

BizTech | What Nonprofits Need to Be Doing to Protect Data Post-GDPR

Talking Points. Model Data Security Legislation for Insurance Companies

Which states have adopted this model data security code?

• Michigan
• Ohio
• Mississippi
• Alabama
• South Carolina
• Delaware
• Connecticut
• New Hampshire

What does the model legislation do?

• applies to insurers and other entities licensed by the department of insurance
• requires the development, implementation and maintenance of an information security program
• requires investigation of any cybersecurity events
• requires notification to the state insurance commissioner of data breaches

The NAIC Insurance Data Security Model Law

Governor Proposes Data Security Rules for Insurance Companies

Where:

Minnesota

Why did the Governor propose 2020 legislation to add data security requirements for insurance companies?

“Minnesota Blue Cross Blue Shield allowed hundreds of thousands of serious cybersecurity vulnerabilities to collect on its computer systems over a period of years.”

What are announced pieces of the legislation?

• adopt national standards for data security at insurance companies
  • will follow Michigan and Ohio’s lead to adopt the model law was drafted in 2017 by the National Association of Insurance Commissioners 
• apply to all insurance companies, not just health care
• state Commerce Department would have investigative & enforcement powers

Star Tribune | New data-privacy law proposed for Minnesota insurers

New Legislative & Regulatory Angle for CryptoCurrency

What’s the new cryptocurrency jargon? managed stablecoins

What’s an example of a managed stablecoins? Facebook’s Libra currency

Is there legislation floating around to look to? Yes, Congresswoman Sylvia Garcia has filed HR 5197 (116th Congress)

Roll Call | Rules, privacy issues loom for fintech industry in 2020

New Legislative & Regulatory Term for Data Security Laws and Rules.

Data Cooperative.

What is a data cooperative? An institution where individuals pool data for safekeeping and for use under certain terms.

Who is bringing this to our attention? MIT Sloan School of Business & ties to a push to permit credit unions to be holders of personal data and use under certain, agreed to, terms

MIT Sloan School | Data Cooperative

Data Security + Right to Repair Automobiles. New Coalition backed by Manufacturers.

Who: Coalition for Safe and Secure Data

Who are the members of Coalition for Safe and Secure Data?

• Alliance of Automobile Manufacturers
• Global Automakers Association
• Computing Technology Industry Association

What concerns are they raising?

• Right to Repair laws, like in Massachusetts
• Exposes vehicle and driver data to security breaches

Collision Week | Vehicle Manufacturer Backed Coalition Raises Data Security Concerns with Massachusetts Right to Repair Proposals

Local TREND. Local Permits for New Tech Testing.

Where: San Francisco

How will San Francisco permit new tech testing:

• The Office of Emerging Technology will issue permits
• Permits will be issued if the Office declares the tech in question a “net public good.”
• It will apply to any testing that occurs above or below city property or on public right-of-ways

What are industry stakeholders saying?

• Vice president of public policy at Postmates, a member of the work group that crafted the legislation, said at a public hearing last month that the days of public-private head-butting are over.
• “This is an era in which government needs to build empathy for technology, and technology companies must build more empathy for government,” he said.

AP | Streets of San Francisco no longer a free-for-all, city reins in tech testing ideas on public

New regulatory forefront for Tech Companies

What is the new regulatory landscape? encryption regulation

How did this start as a topic du jour? US Senators told tech giants, Apple and Google, that they either figure out how to handle court orders for data or lawmakers will do it for them

CNBC | Senators threaten to regulate encryption if tech companies won’t do it themselves

+1 airport bans facial recognition software

Where: Seattle, WA

What entity banned the use of facial recognition software? Port of Seattle Commission

What would be required to lift the ban? When the commission adopts “tangible, enforceable” policies to govern the use of facial recognition software

How does this impact corporate operations of airlines?  Stops Delta from rolling out facial-recognition cameras at its Sea-Tac boarding gates

Does it stop federal agency use of facial recognition software? No,  Custom and Border Protection can install facial-recognition cameras at a new facility to process arriving international travelers

Seattle Times | Seattle Airport Wrestles with Government over Facial Recognition

+1 Governor Executive Order Cybersecurity Committee

Who: Arkansas Governor Asa Hutchinson

What: Creates the Computer Science and Cybersecurity Task Force

Who will serve on the Task Force?

• state agency executives
• researchers from state research institutes
• private vendors
• businesses

What are the goals of the Task Force?

• Careers. examine industry pathways into IT and cybersecurity
• Education. post-secondary alignment strategies and goals, data science and cybersecurity in curricula, and work-based learning opportunities for students

Office of the Governor of Arkansas | EO 19-17

Government Technology | Arkansas Hopes Cybersecurity Task Force Increases Awareness

Top 5 Cities for Tech Jobs 2019

Who compiled this list? Computing Technology Industry Association

What’s the Top 15?

• Austin, Texas
• Raleigh, North Carolina
• San Jose, California
• Seattle
• San Francisco
• Charlotte
• Dallas
• Atlanta
• Denver
• Huntsville, Alabama
• Washington, D.C.
• Columbus, Ohio
• Durham-Chapel Hill
• Boulder, Colorado
• Boston

What metrics were considered?

• cost of living
• number of open IT positions
• projected job growth in 1 year
• projected growth in 5 years

THE HERALD-SUN | Raleigh Stays in Second Place in the U.S. for Tech Jobs

4 Points. Banks + Data Security Legislation.

• National data privacy standard similar to those that currently face financial institutions
• Strong Data Protection and Breach Notice
• Robust Enforcement including retaining administrative enforcement from financial institution regulators
• Preempt state privacy and data security laws

American Bankers Association | U.S. Senate Commerce, Science, and Transportation Committee

State Attorney General Tracks Data Breaches. The numbers:

Where: Washington state

What data breaches are reportable to the Washington Attorney General? Data breaches that impact 500+ Washingtonians

What do the 2019 numbers about data breaches in Washington state show?

• 20% increase in data breaches
• 390,000 impacted
• 2x as many small to mid-size breaches

Washington State Attorney General | AG REPORT SHOWS DATA BREACHES INCREASED IN 2019

Legal TREND. Independent Data Auditors for Businesses.

What? The class action against Facebook

What would independent auditors for Facebook do?

• conduct simulated hacking attacks
• run automated security monitoring
• review the company’s security protocols

Courthouse News Service | Hacking Victims Seek Independent Audits of Facebook Data Security

TREND. Allowing Banks to Sell and Hold Crypto Currency.

Where: Germany

What: Permit German banks to serve as custodians for crypto currency & keep crypto currency for a fee

Idaho Reporter | New law allows German banks to sell and store crypto currency

New Regulatory Frontier. States Selling Resident Data.

Where: California

What data is being sold? California Department of Motor Vehicles sells drivers’ personal information

How much is the California DMV selling for? $50 million/year

Who is buying the data?

• data brokers like LexisNexis
• consumer credit reporting agency like Experian
• private investigators

Are states stopping the practice? Yes, New Jersey is no longer selling data to buyer’s who abuse the data

Vice | DMVs Are Selling Your Data to Private Investigators

Vice | The California DMV Is Making $50M a Year Selling Drivers’ Personal Information

Lege TREND. New way to bring broadband to rural areas

Where: New Hampshire

The legislation: would authorize the multi-town district option that would work with private companies

How did this idea start? SB 103 (2019 | NH)

Is this the first state to take this approach? No, Vermont has a similar system that created the East Central Vermont Telecommunications District and it partnered with ValleyNet to bring fiber service

Governing | New Hampshire Bill Will Allow Multi-Town Broadband System

Lege TREND. 1st came divestment. Next came Prohibiting Certain Countries from Storing Data

What countries could be barred legislatively as places US data can be stored? China

What legislation: Missouri Senator Hawley’s National Security & Personal Data Protection Act of 2019

Engadget | Senate bill would block US companies from storing data in China

Lege TREND. How States are Legislating IoT (all those connected devices in the internet of things)

How many internet of things devices are predicted in the world by 2023? 43 billion

What states are leading the path? California and Oregon

What other states are considering it? Illinois, Kentucky, Massachusetts, Maryland, New York, Rhode Island, Vermont & Virginia

What do state regulations look like?

• require manufacturers to incorporate mandatory minimum security features
• Provide leeway for effective date so that manufacturers can comply
• California and Oregon laws will become effective Jan. 1, 2020

What standards do state regulations apply for security features?

• Is the security feature appropriate to the nature and function of the device?
• Is the security feature appropriate to the information it collects, contains, or transmits?
• Is the security feature designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification or disclosure?

Are there exceptions or limitations to the laws applications? Yes.

• Oregon only applies to devices “used primarily for personal, family, or household purposes.”
• California applies to devices and devices that connect to devices via bluetooth

Government Technology | Contributor: Akin Gump Strauss Hauer & Feld LLP | State Lawmakers Go After IoT Security Risks 

Campaign TREND. Encrypted Communication Apps.

Who is helping facilitate encrypted campaign communications? The nonprofit group Defending Digital Campaigns

What problem does the non-profit want to solve? That nation states wanting to compromise campaigns hold the power as campaigns are often on shoe string budgets

What other data security elements are recommended for campaigns?

• email security
• cybersecurity training
• cyber protection for phones, tablets and laptops

Washington Post | The Cybersecurity 202: Political campaigns are flocking to encrypted messaging apps. But they’re not a panacea

Business TREND. One State law. Company Applies Standard Nationwide.

What company? Microsoft

Which law? California’s Consumer Privacy Act

What is Microsoft saying in support?

•  strong supporters of California’s new law
• support the expansion of privacy protections in the United States 
• privacy is a fundamental human right
• privacy laws should be further strengthened by placing more robust accountability requirements on companies

Microsoft | Microsoft will honor California’s new privacy rights throughout the United States

New Study.Procurement. More Requirements for Election Vendors.

WHO: Brennan Center for Justice

WHAT: A Framework for Election Vendor Oversight

WHY:

• 80% of voting systems controlled by 3 vendors
• little or no oversight of the security of these vendors

RECOMMENDATIONS:

• New federal certification program to issue standards
• Enforce vendors’ compliance with the standards
• Institute mandatory compliance audits
• Utilize a Technical Guidelines Development Committee that includes cyber security experts

Politico | Morning Cybersecurity | MORE PRESSURE ON VENDORS

NIH Wants Industry Feedback on Data Security + Health

Where do I see the proposal: Federal Register Request for Public Comments on a DRAFT NIH Policy for Data Management and Sharing and Supplemental DRAFT Guidance

The goals: improve the current data management and sharing policy for NIH funded or conducted research (Bonjour, to all your medical research and pharmaceutical research clients)

What best practices does NIH want to establish?  

• responsible management and sharing of scientific data
• including exceptions or limits to data sharing

Comment deadline: January 10, 2020.

Health IT Security | NIH Seeks Input on Data Sharing Plan, Including Privacy, Security

New Kid on the Block. Corporate Partnership to Protect Infrastructure

WHO: The Chertoff Group + Dragos

WHAT: A policy intelligence & communication shop + a industrial control system shop

WHY: High Tech infrastructure is a data security target

WHAT ARE INFRASTRUCTURE OPERATORS SAYING?

• Texas Central Rail: “As we usher in 21st century transportation solutions represented by high-speed rail, we believe that the safety of our future passengers is paramount.”

Yahoo Finance | The Chertoff Group and Dragos Form Strategic Partnership to Help Industrial Organizations Improve Risk Mitigation, Threat Detection and Incident Response

Data Breach at Health Agency. By the Numbers.

$1.6 million cost of federal fine to the state health agency

6,617 people had their personal health information accessible

How did the data breach occur?  

• “an internal application was moved from a private, secure server to a public server, where a software flaw allowed the private information to be viewed without access credentials.”
• no risk analysis conducted
• no access and audit controls

The state agency: Texas Department of Aging and Disability Services

Government Technology | Data Breach Costs Texas Health Agency $1.6 Million

3 Reasons for Standard Cyberattack Reporting

Who is calling for standard reporting? Harvard Business Review

Why? The nature of attacks are borderless, fast moving and difficult to predict or manage

What reasons support standard cyberattack reporting?

• Information Sharing. The wheel isn’t being recreated. Attackers will repeat methods.
• Certain Data will inform planning and defenses. this includes:
  • dates relevant to the incident
  • type of incident
  • size of impact on financial results or ability to conduct business
  • type of impact
  • method used to access the network or data
  • how the incident was resolved
• Enforcement. Regulators need this data too to enforce bad actors and educate constituencies

Harvard Business Review | We Need a Global Standard for Reporting Cyber Attacks

Regulatory TREND. Allowing Cyber Security Donations to Physicians

Which regulatory agency is considering this?  United States’ Department of Health and Human Services

What type of donations would be permitted? non-monetary exception to the regulatory Anti-Kickback Statute

What do the rules look like? DHHS proposed cybersecurity donation rules

Why is this critical? Interoperability and data sharing in healthcare makes an entire health care system vulnerable to one office with a cybersecurity weakness

InfoSecurity | US Proposes Legalizing Cybersecurity Tech Donations to Doctors

Legislation to Shore Up City Cyber Security

Where: Congress

What is the legislation: Klobuchar, Peters, Johnson, Lankford Introduce Bipartisan Bill to Strengthen Cybersecurity for Local Governments

What will it do?

• Require the Department of Homeland Security to provide resources and assistance to cities
• Provide cities with .gov domains administered by the federal government

The Hill | Senators introduce bill to strengthen cybersecurity of local governments

State School Grants for Cyber Security. Procurement Opportunity.

Where: Massachusetts

How much cybersecurity funding will Massachusetts offer schools? $250,000 to 94 municipalities and public school districts

What will the grants fund? training 42,000 employees

How does the funding flow? From the Governor’s Office, Executive Office of Technology Services and Security.

Center for Digital Education | Massachusetts Announces School Grants for Cyber Training

State Privacy Legislation 2020 Forecast

States Considering bills like the California Consumer Privacy Act legislation:

• Massachusetts
• Minnesota
• Pennsylvania
• New Jersey
• New York

States where legislation fell apart because of stakeholder disagreements in 2019:

• New York
• Washington state

States where privacy legislation failed:

• Arizona
• Florida
• Kentucky
• Mississippi
• Montana

States studying how to proceed:

• Connecticut
• Hawaii
• Louisiana

Governing | Will More States Adopt Privacy Laws in 2020?

Coalition Against Facial Recognition Tech Regulation

What private business entities are concerned by facial recognition regulation?

• Airports Council International – North America
• American Association of Airport Executives
• Consumer Technology Association
• Global Business Travel Association
• Identification Technology Association
• International Biometrics + Identity Association
• NetChoice
• Security Industry Association
• U.S. Chamber of Commerce

Why are these business interests concerned about facial recognition tech regulation?

• a moratorium is premature
• we need responsible use of this software
• we can’t stifle innovation in this sector, and a moratorium would be stifling

US Chamber of Commerce | Coalition Letter on Facial Recognition Technology

Wall Street Journal | Business Groups Push Back Against Proposed Facial-Recognition Bans

3 Study Points for Governments + Biometric Data

Who is raising these points about biometric data? Silicon Valley Congressman Khanna

What should Government be asking about the collection of biometric data?

• is the data collected for a discriminatory reason?
  • no profiling
  • no systemic bias
• are there clear ethical guidelines?
• if there are complaints that show a disparate impact on race, religion, or gender
  • the biometric data use should be halted until the disparate impact is corrected

NextGov | Silicon Valley Rep Calls For Task Force, Legislation on Government Use of Biometrics

+1 State Cyber Reserve

What is a Cyber Reserve? A special unit in the national guard but for cyber events

Where: Ohio

The legislation: SB 52 (2019 | OH)

The state funding to support the special unit: FY1 $100,000 & FY2 $550,000

Sandusky Register | DeWine signs cyber reserve law

Cincinnati Public Radio | DeWine Signs Bill Creating Ohio Cyber Reserve

What is this new term “zero data”?

What does zero data mean? Isn’t everything data and data is king, queen & court jester? companies that don’t store their own data

Where is the data being stored? 3rd party companies store the data for use by the company that originated the data

What’s the benefit to companies? The liability for the data goes to the 3rd party

Tech Crunch | Very Good Security raises $35M in Series B in ‘zero data’ push

3 Reasons For a National Crypto Currency

Who is calling for a national cryptocurrency? Congressmen French Hill & Bill Foster

Who are the Congressmen asking to authorize a national cryptocurrency? Chairman of the Federal Reserve System

Why a national crypto currency?

• to bolster the dollar’s strength
• other countries are doing it:
  • Sweden has an electronic krona
  • Uruguay an electric peso
  • The Central Bank of China is unveiling an electronic currency in 2020
• Private Sector in the US is also creating digital currencies including JP Morgan & Wells Fargo

Cryptocurrency Post | US Congress calls on Fed to consider creating “national digital currency”

Data Privacy Legislation. Criminal Penalties for CEOs

Where: Congress

What: Senator Wyden’s Mind Your Own Business Act

How would the criminal penalties attach?

• “Consumers must be able to control their own private information
• Companies must provide vastly more transparency about how they use and share our data
• Corporate executives need to be held personally responsible when they lie about protecting our personal information.”

Is this about a specific tech company? “Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences,” the senator said this week. “A slap on the wrist from the FTC won’t do the job, so under my bill he’d face jail time for lying to the government.”

NextGov | Privacy Bill Could Put Dishonest Tech Execs Behind Bars

3 Things Tim Cook Said about Crypto Currency

Who said this? Apple CEO Tim Cook

Who did he say it to? Les Echos newspaper 

What did he say?

• Apple has no crypto currency plans
• Private Entities should not try to gain power by creating currencies ( we see you Facebook)
• Currency should “stay in the hands of countries”

Cryptocurrency News | Tim Cook Talks Cryptocurrencies: It’s a No for Tech Behemoth

3 Reasons Medical Data is the Most Valuable Data

What value is attributed to medical data? 50 times more valuable than a credit card number

Who is offering that valuation?  ClearDATA Chief Privacy and Security Officer and Founder

Why is medical data valuable?

• Can build an entire identity
• The person can access drugs & medical treatment
• The life span of the data is longer than a credit card

Healthcare Dallas CEO | Why Medical Data is 50 Times More Valuable Than a Credit Card

How a State’s Public Education Privacy Council Tackles Student Data Privacy

Where: Maryland

How did we get action from the Maryland’s Privacy Council?

• 2019 audit of Maryland Education Department’s data-storage practices revealed 1.4 million students and 233,000 teachers personal data at risk
• 2015 state law, Student Data Privacy Act of 2015 
• 2018 the Parent Coalition for Student Privacy gave Maryland a D+

Who serves on the privacy council?

• Deputy state superintendent for the Maryland Office of Teaching and Learning
• 2 state congressional representatives
• data-privacy experts
• state Education Department administrators

EdScoop | Maryland privacy council tackles substandard student data protections

Anatomy of Tech Local Campaign Contributions.

Who: Amazon

Where: Seattle

What does their local political contribution plan look like?

• 11 members of Amazon’s so-called “S Team” — senior leaders who report directly to CEO Jeff Bezos
• Many 1st time contributors
• record-setting $1 million contribution to a pro-business political-action committee
• 2017 was the first year Amazon began local contributions in Seattle 

Seattle Times via Governing | Amazon Buys in Heavily to Seattle Council Races

+1 City Cyber Insurance. Anatomy of the $20M Policy Purchase.

Where: Baltimore

What happened to spark the $20M cyber insurance policy? The city experienced a ransomeware attack that cost the city $18M

How did the bidding process work?

• 17 different carriers bid
• 2 contracts issued
• combined total of $835,103
• Chubb will provide $10 million in coverage, with a price tag of $500,103
• AXA XL price tag of $335,000 for coverage of $10 million

Governing | Baltimore Authorizes Purchase of $20M Cyberinsurance Policy

International CryptoCurrency Laws & Regulations Forthcoming

Who is calling for international rules for cryptocurrency?

deputy governor of the Banque De France, the central bank of France

Where were the remarks made?

Forum of Monetary and Financial Institutions 

Why now? Cryptocurrency isn’t that new? Facebook. Its proposed cryptocurrency “could become a threat to international stability due to its huge user base.”

IHODL | Deputy Governor of Bank of France: We Must Develop Standard Crypto Regulation

3 More Data Sets Covered by Data Breach Laws

Where: California

What: AB 1130 (2019 | CA)

Which new pieces of data are protected and trigger breach notifications?

• passport information
• taxpayer identification numbers
• military identification numbers

Bloomberg Law | California Extends Data Breach Law to Passports, Biometric Data

Lake County News | Attorney General Becerra and Assemblymember Levine’s data breach notification bill signed into law

On Your RADAR: Facial Recognition Software Rules for Schools

What are the benefits of facial recognition software in schools?

• SAFETY. Ability to identify who is in a school with proper permissions

What are the harms of facial recognition software?

• WATCHING. Actively monitoring and watching students raises eyebrows to Dan Levy heights
• UNRELIABLE. Facial recognition software is not reliable especially for people of color and women

What schools are in the spotlight for using facial recognition software?  Texas City High School, Putnam City Schools in Oklahoma,  West Platte, Missouri, Spring Hill Independent School District in East Texas

Are there schools prohibited from using facial recognition software? Yes, San Francisco, Oakland

Wired | The Delicate Ethics of Using Facial Recognition in Schools

3 Ways TX used disaster plan to counter ransomware

Who explained the situation? Texas CIO Todd Kimbriel

To whom was the situation explained? National Association of State Chief Information Officers annual conference in Nashville, Tennessee

How did the disaster plan work?

• 1st city to detect something was wrong called its managed service provider in the early morning of Aug. 16. By 8:46 a.m.
• Department of Information Resources had been alerted that several local governments around the state had been hit with ransomware
• By noon, the state operations center in Austin was up and running
• Coordinating several different agencies to begin responding to the attack

What agencies coordinated efforts?

• DIR
• Texas Department of Emergency Management
• National Guard
• Texas A&M University

What facilitated this coordination? 2017 legislation that expanded the Governor’s emergency declaration powers to cover cyber events

State Scoop | How Texas used its disaster playbook after a huge ransomware attack

RFRA Bills Meet Tech Companies

Where: Michigan

What’s RFRA? Religious Freedom Restoration Act

Why are new state bills being filed? To keep tech companies like Google and Facebook content neutral

What’s the actual issue? Whether tech companies should monitor fake news and hate speech

What’s the legislation in Michigan? HB 4801 (2019 | MI)

Governing | Michigan Bill Aims to Stop Facebook, Google From Blocking Speech

Data Sale Prohibition. First Responders.

Where: New York

The legislation: S4119 (2019 | NY) signed by Governor

Who can first responders sell patient information to under this bill?

• health providers
• the patient’s insurer
• parties with appropriate legal authority

Who cannot buy 1st responder patient data under this bill?

• advertisers
• marketers
• promoters
• to any activity used to influence sales

Health IT Security | New York Law Bans First Responders from Selling Patient Data

Legislative Future: Blockchain + Education Policy

What are 4 ways public education can use blockchain technology?

• smart boards
• student records
• control the dispersal of copyrighted materials
• innovative learning platforms

JaxEnter | The impact of blockchain technology on education

5 GDPR Enforcement Issues for Governments

How do you make companies report breaches?

How to do you make companies comply with reporting deadlines?

How do you make companies comply with data security assessment requirements?

How do you get companies to conduct privacy impact assessments to understand cyber vulnerabilities?

How do governments manage fine penalty revenue?

CIO Dive | GDPR pains that won’t go away

Data Security Rulemaking Unintended Consequence

What is the unintended consequence? Public comments submitted by political operatives without permission or comments from a dead person

How many fake public comments are we talking about? The NY Attorney General estimates 9.6 million stolen identities submitted comments

Where is the image problem? The stolen identities have allegedly been traced to a political organization backed by the largest telecommunications companies

Politico via Buss Feed News | Political Operatives Are Faking Voter Outrage With Millions Of Made-Up Comments To Benefit The Rich And Powerful

Fiscal Impact of Data Breaches on Health Care Providers

Who gathered the data? American Medical Association, IBM, Ponemon Assoc., American Dental Assoc.

What does the data say?

• 3 Alabama hospitals operating under emergency procedures since a cyberattack on Oct. 1
• Healthcare has the highest cost per record hacked
• More than $400 per consumer record cost to healthcare providers

Reasons healthcare data is sought by hackers?

• sold for insurance-fraud purposes
• used for extortion purposes against affected health organizations

Wall Street Journal | Smaller Medical Providers Get Burned by Ransomware

Why a State Suspended its Bitcoin Tax Payment System.

Where: Ohio

What: Ohio created a system to permit taxes to be paid by cryptocurrency

When did they suspend the bitcoin payments? less than a year after it was created

What entity suspended the system? A vote by a state panel that oversees the state’s banking and financial methods

What are the next steps? The State Attorney General will investigate if the bitcoin tax payment system was legally created

Are there non-cryptocurrency reasons behind this? Yes, a change in State Treasurer, the office that created the bitcoin payment system + a non-competitively bid contract to operate the bitcoin tax payment portal

Cleveland.com | Ohio suspends bitcoin tax-payment program. And it’s not clear if it’s coming back.

3 Budget Line Items Veto due to cybersecurity concerns.

Which Governor said funding cyber security concerns supported line item vetos? Michigan’s Governor

What items were vetoed to protect the state’s cybersecurity?

•  school aid spending focused on specific vendors
• increase per student funding for charter schools
• funding for a tourism campaign

Detroit News | Gov cuts GOP pet projects in bid to restart budget, road aid talks

New Ransomware Study. Number of Attacks. Cities. Healthcare. Schools.

Who authored the ransomware study? The security firm Emsisoft

What time period does the data cover? January 2019-September 2019

What is the impact of ransomware attacks?

• 621 US government entities, healthcare providers and school districts, colleges and universities were hit this year
• 68 state, county and municipal entities 
  • $5.3 million in total ransom demands
•  62 incidents involving school districts and other educational establishments
  • impact to 1,051 individual schools, colleges and universities
• 491 ransomware attacks this year affected US health care providers
• $8 billion in global losses from ransomware, up 60% from 2018

Security Week | Ransomware Hits Hundreds of US Schools, Local Governments: Study

Business TREND. Retailers Accepting Crypto Currency.

Where: Sephora stores in France

What protocols will be used to accept bitcoin/cryptocurrency? Global POS’ Easy2Play payment platform and EasyWallet app

Global Cosmetic News | SEPHORA TO ACCEPT CRYPTO CURRENCY IN STORE

Policy Issues for Cyber Security in Autonomous Vehicles

Where is there pending legislation for cybersecurity of autonomous vehicles (AVs)? Congress

What is the legislation? S.1885 – AV START Act (115th Congress)

What are the policy issues for AVs?

• requiring autonomous vehicle manufacturers to develop and execute a plan for reducing cyber vulnerabilities
• should a manufacturer have a cybersecurity plan before it can sell vehicles?

Who are stakeholders in the legislation?

•  a coalition of consumer rights
• public health and first responder groups
• vehicle manufacturers
• ride share companies

The Hill | Cyber rules for self-driving cars stall in Congress

Crypto Currency + Human Trafficking Legislation + Utilities

Who is calling for Human Trafficking legislation to include a cryptocurrency angle? former director of the Office of Illicit Finance at the U.S. Department of Treasury

What is the link between human trafficking and cryptocurrency? human traffickers use anonymous, decentralized financial systems (bitcoin etc…) to shield payments of unlawful activities from police and regulators

How can this be regulated?

• Better oversight over cryptocurrency miners by tracking excessive electricity usage
• Create a new form of regulated financial institution, a “virtual asset transaction validators,” , crypto miners
  • the financial transaction validators would be gatekeepers to watch for bad actors

National Law Review | Former Director of Office of Illicit Finance Calls on U.S. Congress to Regulate Crypto Miners in Effort to Combat Human Trafficking

State Procurement. Consolidating Data Centers. Welcoming Private Cloud Computing.

What are 3 ways Nebraska reduced spending by consolidating data centers?

• Closed a statewide data recovery center
• Co-located the data center with a county data center
• State runs a private data cloud that local governments use to store data

How long did the process take? 18 months to consolidate 22 state agencies

State Tech | States Find Security and Savings in Private Clouds

How did Ohio switch from data centers to private cloud for data security?

Who led the switch to private data cloud in Ohio? Ohio Office of Information Technology 

How did the process start? legislation? No, it was by Executive Order.

How much will Ohio save?

• 2,459 to 1,896: Retirement and attrition of IT infrastructure staff
• $40 million to $980,000: Reductions in annual agency server hardware spending
• $28 million to $3 Million: Hardware repairs and maintenance
• $54 million to $35 Million: Backbone network optimization
• $34 million to $27 million: Software

State Tech | States Find Security and Savings in Private Clouds

4 Ways States Use Blockchain for Data Security

Where: Colorado

What are examples of state programs that lend themselves to blockchain?

• transferable licenses
• land rights
• tracking complex grant programs
• food safety

How has Colorado adapted to state use of blockchain/distributed ledger technology?

• Colorado created the position of Blockchain Architect

State Tech | Data Security Emerges as Top Government Application for Blockchain

Anatomy of a State Cyber Risk Fund. Procurement Opportunity for Insurance Carriers.

Where: Arizona

What is the funding request for the Arizona State Cyber Risk Fund? $22.5 Million

What would it fund? statewide insurance & response for data breaches to state agencies 

AZ Mirror | Arizona agency wants $22 million for ‘cyber risk fund’

New Report. Government Incentives for Cyber Insurance Policies

Who is recommending incentives for cyber insurance? Foundation for Defense of Democracies

Where did the Foundation for Defense of Democracies make this recommendation? In its report The Role of Cyber Insurance in Securing the Private Sector

What types of government incentives were recommended?

• tax credits for all government contractors who have cyber insurance

Why are government incentives necessary? Industry has failed to incentivize action

2 Reasons Schools & Libraries are the Preferred Target for Big Game Hackers

What commonalities do schools & libraries share that draws hackers to them?

• lack of funding
• lack of cyber security resources

2 most common hacks before ransomeware:

• malware
• banking trojans

Politico Morning CyberSecurity | School Blues

Local TREND. Cities + Private Business = Cyberthreat Warning

Where: Los Angeles

What is this non-profit public private partnership that L.A. created? LA Cyber Lab

Who is involved in LA CyberLab?

• IBM
• Entertainment industry
• Utility representatives
• Local Universities
• Health care industry
• Telecom

What are the goal os the LA Cyber Lab?

• provide businesses with threat intelligence
• build better local level digital defense

Politico Morning Cyber Security | L.A. (CYBER)STORY

Election Cybersecurity. 1st State to Ban Bar Codes.

Where: Colorado

What: Colorado is the 1st state to ban bar codes (QR Codes) from paper ballots

How are QR Codes/bar Codes used on paper ballots? The bar codes/QR codes are a means to count paper ballots

What did the Colorado Secretary of State say? Voters had no way to verify the bar code or QR code and as such the codes did nothing to secure elections or instill voter confidence

Fox 31 | Colorado becomes first state to ban barcodes for counting votes over security concerns

Business TREND. Tracking Event Ticket Holder Locations.

What ticketing entity is tracking its ticket holders? University Alabama at football games

Why are student location tracked when they attend football games? Incentives are given to students who stay through the 4th quarter

ESPN | Bama tracking students to check 4-quarter stays

+1 Legislature. Yes, cameras. No, Facial Recognition.

Where: California

What: AB 1215 (2019 | CA)

How did the Legislature split the difference to approve cameras and disapprove facial recognition?

• Approving law enforcement body cameras
• Excepting and prohibiting cameras with facial recognition
• Prohibiting using footage from body cameras for later use by facial recognition software

What arguments support prohibiting facial recognition?

• Privacy of California residents
• Need to encourage trust in communities
• Support of the transparency that cameras provide law enforcement
• Avoiding the police being seen as a tool of surveillance

Other states did the same? Yes, Oregon

CNBC | California legislature bars facial recognition for police body cameras

51 Tech Execs Calling for Federal Data Privacy.

Where can I find the list of 51 tech companies:

Their September 10, 2019 letter is here.

Did the tech companies work with a business group?

Yes, Business Roundtable

What are the top 3 arguments the 51 tech CEOS make:

• We support data privacy
• The burden shouldn’t be on consumers to keep up
• There can’t be 51 different sets of rules for data protection

What else do I need to think about? When Major US Auto Manufacturers asked for action on emissions and the federal government did not act, the major auto dealers negotiated a deal with California.

What states could the tech companies go to to negotiate a deal? States most active in data privacy: California, Washington State, New York

ZD NEt | 51 tech CEOs send open letter to Congress asking for a federal data privacy law

Cybersecurity +Pensions.

Who was hacked?

A law enforcement pension in Oklahoma

How much was stolen?

$4.2 Million

What happened?

• investment manager for the fund was hacked

What regulatory/legislative reaction is forthcoming?

• Cybersecurity standards for outside and internal investment managers at pension systems

Other pensions hacked:

•  2016 $100,000 hacked from a Pennsylvania borough’s police pension fund
• 2017 hackers stole the identities of more than 100 retired Iowa public employees to claim pension payments

InfoSecurity | Hackers Steal $4.2m from State Troopers’ Pension Fund