utilities – InfoHive – Data Security

Anatomy of an "Aggressive" Cybersecurity Measure by the Razorbacks

Where: Arkansas

The legislation: Senate Bill 632 (2019 | AR)

What does SB632 do?

Creates the Cyber Initiative
Housed within the Economic Development Commission
mitigate the cyber-risks to Arkansas
increase education relative to threats and defense
provide the public and private sectors with threat assessments and other intelligence
foster growth and development around tech, IT and defense
create a “cyber alliance” made up of partnerships with a variety of insitutitions like…

Regulatory TREND. What do I need to know about Active Cyber Defense?

Active Cyber Defense uses private sector cyber bounty hunters and hackers to protect critical infrastructure.

Who is behind this concept?

An Atlantic Council report,
by, Frank Kramer, Assistant Secretary for International Security Affairs for the Clinton administration
and by, Bob Butler, Deputy Assistant Secretary for Space and Cyber in the Obama administration

How would this private sector system work? the private sector hackser would be deputized “certified active defenders” to assist…

Local TREND. Addressing Crypto Currency with Local Ordinances

Where: Missoula County, Montana

The County adopted rules for crypto miners that:

health & safety. County is “protecting the health, safety, morality and general welfare of the people in the district” by ensuring electricity for local residents
use limitation. crypto mining activities only in areas of light and heavy industry
waste limitations. provide evidence that all e-waste generated will be processed by a licensed waste management company

The Cryptoo Currency Post | Montana County…

Data Security new Threats to Water and Wastewater. Regulatory & Legislative Fixes on the Horizon.

IN March 2019 hackers got into a small Colorado water utility.

Are there regualtory parallels that can be made to secure the water and waste water systems? Yes, Water utilities & power distributors share similar industrial control systems

Which states have taken water security measures forward? NJ, NY

E& E News | Hackers force water utilities to sink or swim

4 Cyber Security Issues for Legislators

Election Security
Data privacy and Security think Marriott and Equifax Breach fixes to protect consumer data
Infrastructure Protection
Cyber Security Workforce

The Hill | Four cybersecurity priorities for Congress to confront active threats

3 Ways States Benefit from a State Data Officer.

data helps create more efficient permitting processes
- CT allows local governments to get occupational licensing data directly form the state
overdose data helps first responders and hospitals prepare for epidemics
Prevent fraud
- IN adopted its Indiana’s Management and Performance Hub to “integrate” data from several agencies to build custom analytics solutions.” Its addressing issues from car crashes and infant mortality to Medicaid optimization.
- TX shared data across agencies…

Lege TREND. State Cyber Law Enforcement and Protections. Anatomy of a Bill + Benefits to Cities.

HB 747 (2018 | OH) will estalish the Ohio Cyber Reserve to protect Ohioans from cyber terrorists.

Authors tout that the Reserve will also help cities with cyber inititatives.

How many aspects of cybersecurity will the reserve have its fingers in?

election security
local governments
critical infrastructure
businesses

Like the national guard, the reserve will act by Governor action.

Fox 8 | Ohio House passes bill to establish cybersecurity team

Government Technology | Ohio House Passes…

Lege TREND. Define Cyber Events like Hurricanes or Terrorism. Read the bill.

The Nevada Legislature will consider SB69 (2019 | NV) which is:

backed by the Division of Public Safety’s Division of Emergency Management
defines significant cyber events like invasions, disasters and riots
require schools, cities, counties and resorts to have emergency response plans
designates October as “Cybersecurity Awareness Month”
allows the governor to call on the national guard during a significant cyber event

Nevada Independent | New pre-filed bills take aim at education,…

5 Points. Apple Desired Information Privacy Law.

tech companies should de-identify customer data or not collect customer data
comprehensive federal law is necessary
- why? tech companies that collect a lot of data are basically spies
people should have a right in their data, and a right to have that data minimized
consumers must be told what data is being collected & why
the data belongs to the users and users (consumers) should always have access to it

The gold standard law: GDPR in the EU

Ars Technica | Tim Cook Calls for Strong US…

Utility + Ransomware= Policy Makers Need to Know. Hello, Hurricane Legislation.

Which utility was hit with ransomware? Jacksonville, North Carolina-based Onslow Water and Sewer Authority

when was the ransomware triggered? middle of the night Saturday, “specifically targeted” the utility in the wake of Hurricane Florence

what was the impact of the ransomware?

operating with limited computer capabilities
overwheliming IT support
accounts are being managed manually
not interrupt water and wastewater service

CyberScoop | Ransomware hits computer networks of North…