Anatomy of an East Coast Governor's Cybersecurity Team

Vermont Governor Phil Scott named these new members to his Cybersecurity Team:

  • Chief Security Officer at the UVM Medical Center
  • President of Norwich University’s Applied Research Institutes
  • Computer & Digital Forensics professor at Champlain College

4 Goals of the Cybersecurity Team:

  • Assess the state’s cybersecurity status.
  • Develop a plan to protect public and private sector information systems
  • Evaluate readiness
  • Strengthen safeguards

WAMC | Vermont Governor Names New Members To…

1st ever US hacker attack on Local Transit System. 3 Lessons for other cities.

The transportation system: Sacramento Regional Transit

The hack: destroyed internal systems data, but no data was stolen. It was a ransomware attack with a 1 bitcoin ransom.

The recovered data: 80% via backup data

Impact on transportation systems: Train and bus service was not affected

Governing | Hackers Attack Transit System in California’s Capital

 

+ 1 State. Lege Trend. Credit Freezes after a Breach.

The State joining the post-Equifax hack legislative trend: Rhode Island

The proponent: The Rhode Island Attorney General

The legislation would:

  • Free credit freezes & un-freezes. Prohibits credit bureaus from charging all Rhode Island consumers fees to place, temporarily lift, or remove security freezes on their accounts

WPRI | RI Attorney General files legislation on security freezes following Equifax data breach

Business Trend. Smart Cities Built by Business. Tech Company Economic Development.

The Business: Cascade Investment, which is owned by Microsoft’s Bill Gates

The smart city: Belmont, a planned community in Arizona

The smart features:  

  • high-speed networks
  • autonomous vehicles
  • high-speed digital networks
  • data centers
  • new manufacturing technologies
  • autonomous logistics hubs

CNN | Bill Gates invests $80 million to build Arizona smart city

 

Election Trend. Risk Limiting Audits for Elections. +1 More State Adopts the Policy. Procurement & Legislation Required.

State: Colorado

What is a risk limiting audit for elections?

  • require all jurisdictions to have a sound ballot accounting process
  • require use of a batch size of one ballot
  • require that a cast vote record exist and be available and retrievable for each individual ballot

How do risk limiting audits combat election hacking?

  • The number of ballots to select initially is calculated by using the risk limit and the margin of the contests
  • Ballots are next randomly selected
  • Each ballot’s vote…

Legal Trend Begets Lege Trend. What injuries are needed for a cause of action?

The health data breach suit against CareFirst is heading to the US Supreme Court, and is setting up the standards for what injuries are necessary for a data security claim.

The Appellate Court found “that CareFirst failed to properly secure their data and thereby subjected them to a substantial risk of identity theft…we have little difficulty concluding that their injury in fact is fairly traceable to CareFirst.”

Code words for legislative drafters: fairly traceable

Health IT Security | CareFirst…

Lege Trend. Data Security Bills that Include HIPAA. Read the Bill.

Previously on informed:intel we read about Maryland’s updated data security bill from 2017, but let’s shift our focus to the inclusion of HIPAA requirements.

Maryland’s state data breach law will include this personal information collected by HIPAA covered entities:

  • “medical history, medical condition, or medical treatment or diagnosis. Health insurance policy, certificate number, or health insurance subscriber identification number – in combination with a unique identifier that permits…

Lege Trend. States Buying Cybersecurity Insurance. 3 Bits informed:intel

  • Utah CIO says it's expensive, a big budget item
    • $230,000 a year for $10 million in cyber coverage, with a $1 million deductible
  • 38% of state CIOs say their state has some sort of cyber insurance
  • Georgia has the largest amount of cyber coverage of any state
    • $100 million in coverage. $1.8 million-a-year premium & a $250,000 deductible per incident

Governing | Fearing Hackers, States Start Buying Cyber-Insurance + Insurance Journal

Lege Trend. OHIO Carrot and Stick in Data Security Bill for Businesses.

Ohio’s SB 220 sets up a benefit for businesses to comply: safe harbor from suit.

What’s required for a business to get the safe harbor? The business must adopt “a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of personal information that complies with the NIST cybersecurity framework”

The Toledo Blade | Lawmakers offer legal carrot to defeat data breaches

OH SB 220 (2017)